[Slowhand] Virus Alert - "New Price"
Art Arias
artaarias at yahoo.com
Tue Aug 10 12:28:08 EDT 2004
A virus file has made it onto the digest. I hope
nobody downloaded and opened it. More facts:
New Bagle Variant Spreading
There is a new Bagle mass-mailing virus variant on the loose.
Attachments may carry one of the following file names:
price.zip
price2.zip
price_new.zip
price_08.zip
08_price.zip
newprice.zip
new_price.zip
new__price.zip
According to handler Tom Liston, the virus installs itself as C:\WINDOWS\System32\WINdirect.exe and runs from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win_upd2.exe
Mitigation
The virus downloads part of itself from a list of known websites. Blocking the following sites at your perimeter can mitigate the risk of this virus:
http://polobeer.de/2.jpg
http://www.no-abi2003.de/2.jpg
AV vendors have created signatures for this Bagle variant:
McAfee: Bagle.aq
Trend Micro: Bagle.ac
Symantec: Bagle.ao
A Snort signature for this virus is also available on Bleeding Snort (submitted by Matt Jonkman): http://www.bleedingsnort.com
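As an added defensive example (not part of the original alert or the list post), a small Python mail-gateway check that parses a raw message with the standard library and flags attachments whose names match the list in the alert; the sample message is constructed here, not a real capture.

```python
"""Flag mail attachments whose names match the Bagle variant alert (added example)."""
import email
from email import policy

# Attachment file names listed in the alert.
BAGLE_ATTACHMENT_NAMES = {
    "price.zip", "price2.zip", "price_new.zip", "price_08.zip",
    "08_price.zip", "newprice.zip", "new_price.zip", "new__price.zip",
}


def attachment_names(raw_message: bytes) -> list[str]:
    """Return the file names of all attachments in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename()
        if name:
            names.append(name)
    return names


def suspicious_attachments(raw_message: bytes) -> list[str]:
    """Attachment names matching the alert's list, compared case-insensitively."""
    return [n for n in attachment_names(raw_message)
            if n.strip().lower() in BAGLE_ATTACHMENT_NAMES]


# Constructed sample message (hypothetical addresses, not a real capture).
SAMPLE_MESSAGE = b"""\
From: sender@example.invalid
To: list@example.invalid
Subject: New Price
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

see attached
--XYZ
Content-Type: application/zip; name="New_Price.zip"
Content-Disposition: attachment; filename="New_Price.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--XYZ--
"""

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE_MESSAGE))
```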