[NTLUG:Discuss] [Fwd: Trend Micro Medium Risk Virus Alert - WORM_BAGLE.AD]

Alvin Goats agoats at compuserve.com
Mon Jul 5 10:21:36 CDT 2004


Since I've read questions in both organisations mailing lists concerning
increased attacks and/or reduction in bandwidth, et al, I thought I'd
post this portion of an alert I received this morning.

While it attacks Microsoft, the SHARES portion may be important to a lot
of people who have Windows boxes attached to a linux server/gateway. For
others, it may help explain the incresed activity on their firewalls.

Alvin

-------- Original Message --------
Subject: Trend Micro Medium Risk Virus Alert - WORM_BAGLE.AD
Date: Mon, 5 Jul 2004 06:04:20 -0700
From: "Trend Micro Newsletters Editor"
<newsletters at trendmicro.rsc03.com>
Reply-To: "Trend Micro Newsletters Editor" <newsletters at trendmicro.com>
To: agoats at compuserve.com

 
Dear Trend Micro customer,

As of 2:40 AM July 5, 2004 (GMT -07:00; Daylight Savings Time),
TrendLabs has declared a Medium Risk Virus Alert to control the spread
of WORM_BAGLE.AD. TrendLabs has received several infection reports
indicating that this worm is spreading in Japan, Korea, and Taiwan.

This worm is known to spread via email using its own Simple Mail
Transfer Protocol (SMTP) engine. It also spreads via network shares. It
drops copies of itself as the following files in the Windows system
folder:

	loader_name.exe 
	loader_name.exeopen 
	loader_name.exeopenopen 
	
Its email arrives with any of the following lines as subject: 

	Re: Msg reply 
	Re: Hello 
	Re: Yahoo! 
	Re: Thank you! 
	Re: Thanks :) 
	RE: Text message 
	Re: Document 
	Incoming message 
	Re: Incoming Message 
	RE: Incoming Msg 
	RE: Message Notify 
	Notification 
	Changes.. 
	Update 
	Fax Message 
	Protected message 
	RE: Protected message
	Forum notify 
	Site changes 
	Re: Hi 
	Encrypted document

TrendLabs will be releasing the following EPS deliverables:

	TMCM Outbreak Prevention Policy 118 
	0fficial Pattern Release 927 - released 3:15 AM July 5, 2004
	Damage Cleanup Template 367
	NVW pattern 10130


For more information on WORM_BAGLE.AD, you can visit our Web site at:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AD

You can modify subscription settings for Trend Micro newsletters at:

http://www.trendmicro.com/subscriptions/default.asp

----------------------------------------------o0o----
CRITICAL PRODUCT UPDATE!
New Pattern File Numbering Format upgrade for Trend Micro products is
REQUIRED by July 2004. Click http://www.trendmicro.com/npf for details!
______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using
Responsys Interact (TM).

To unsubscribe from Trend Micro's Newsletters Editor:
   
http://trendnewsletter.rsc03.net/servlet/optout?mgLDWTWDUEHnhHmlFJhtiNlLkOLDJhtE0

To update your subscription preference, or to change your email address:

http://trendnewsletter.rsc03.net/servlet/website/PersonalizedForm?mgLEwkLMLkLgJL9LgmLk.40hktELtHpsEHnhHmlFJhtiNlLkOLDJhtEhE3vyf_87.3de.26_7.2e_z18z


To view our permission marketing policy:
    http://www.rsvp0.net

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA
95014



More information about the Discuss mailing list