[NTLUG:Discuss] [Fwd: Trend Micro Medium Risk Virus Alert - WORM_BAGLE.AD]
Alvin Goats
agoats at compuserve.com
Mon Jul 5 10:21:36 CDT 2004
Since I've read questions in both organisations mailing lists concerning
increased attacks and/or reduction in bandwidth, et al, I thought I'd
post this portion of an alert I received this morning.
While it attacks Microsoft, the SHARES portion may be important to a lot
of people who have Windows boxes attached to a linux server/gateway. For
others, it may help explain the incresed activity on their firewalls.
Alvin
-------- Original Message --------
Subject: Trend Micro Medium Risk Virus Alert - WORM_BAGLE.AD
Date: Mon, 5 Jul 2004 06:04:20 -0700
From: "Trend Micro Newsletters Editor"
<newsletters at trendmicro.rsc03.com>
Reply-To: "Trend Micro Newsletters Editor" <newsletters at trendmicro.com>
To: agoats at compuserve.com
Dear Trend Micro customer,
As of 2:40 AM July 5, 2004 (GMT -07:00; Daylight Savings Time),
TrendLabs has declared a Medium Risk Virus Alert to control the spread
of WORM_BAGLE.AD. TrendLabs has received several infection reports
indicating that this worm is spreading in Japan, Korea, and Taiwan.
This worm is known to spread via email using its own Simple Mail
Transfer Protocol (SMTP) engine. It also spreads via network shares. It
drops copies of itself as the following files in the Windows system
folder:
loader_name.exe
loader_name.exeopen
loader_name.exeopenopen
Its email arrives with any of the following lines as subject:
Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks :)
RE: Text message
Re: Document
Incoming message
Re: Incoming Message
RE: Incoming Msg
RE: Message Notify
Notification
Changes..
Update
Fax Message
Protected message
RE: Protected message
Forum notify
Site changes
Re: Hi
Encrypted document
TrendLabs will be releasing the following EPS deliverables:
TMCM Outbreak Prevention Policy 118
0fficial Pattern Release 927 - released 3:15 AM July 5, 2004
Damage Cleanup Template 367
NVW pattern 10130
For more information on WORM_BAGLE.AD, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AD
You can modify subscription settings for Trend Micro newsletters at:
http://www.trendmicro.com/subscriptions/default.asp
----------------------------------------------o0o----
CRITICAL PRODUCT UPDATE!
New Pattern File Numbering Format upgrade for Trend Micro products is
REQUIRED by July 2004. Click http://www.trendmicro.com/npf for details!
______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using
Responsys Interact (TM).
To unsubscribe from Trend Micro's Newsletters Editor:
http://trendnewsletter.rsc03.net/servlet/optout?mgLDWTWDUEHnhHmlFJhtiNlLkOLDJhtE0
To update your subscription preference, or to change your email address:
http://trendnewsletter.rsc03.net/servlet/website/PersonalizedForm?mgLEwkLMLkLgJL9LgmLk.40hktELtHpsEHnhHmlFJhtiNlLkOLDJhtEhE3vyf_87.3de.26_7.2e_z18z
To view our permission marketing policy:
http://www.rsvp0.net
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA
95014
More information about the Discuss
mailing list