Bagle is Baaack!
p2pnet.net News:- Bagle is back, with a side order.
Bagle.AL, aka I-Worm.Bagle.al, W32/Bagle.aq@MM, WORM_BAGLE.AC, Bagle.AG and W32/Bagle-AQ, was spammed widely yesterday and, like other Bagles, sends emails with infected attachments.
“Typically the email attachment has a name like new_price.zip, price_new.zip, price_08.zip etc,” says F-Secure, pointing out that like its predecessors, this latest variant also has a backdoor.
Bagle.AL is an email worm that locates email addresses on the local hard drive and then sends itself to those addresses, says F-Secure, going on:
“The attachment name is variable, but always contains the word ‘price’. The attachment is always ZIP, although it could sometimes be encrypted. In these cases the email contains the password in an image. When using encrypted ZIPs, the email body might be ‘new price’ instead of ‘price’.
The attachment ZIP file contains two files: PRICE.HTML and PRICE.EXE (with hidden attribute set). When the HTML file is accessed, it uses the Object Data vulnerability in Internet Explorer to load and execute the PRICE.EXE file. When PRICE.EXE is run, it copies itself to Windows SYSTEM directory as WINDLL.EXE and tries to add execution of this file to Windows registry.
The worm also locates folders containing the string ‘SHAR’ in their name and copies itself to these folders under several tempting names, such as ‘Porno pics arhive, xxx.exe’.”
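The attachment traits F-Secure describes can be checked at a mail gateway without unpacking anything. The following is an added example, not code from p2pnet or F-Secure; the function names, trait labels and the placeholder archive are constructed for illustration.

```python
import io
import zipfile

DOS_HIDDEN = 0x02     # MS-DOS "hidden" attribute bit in the low byte of external_attr
ZIP_ENCRYPTED = 0x01  # general-purpose flag bit 0: entry data is encrypted


def inspect_attachment(filename, data):
    """Return which traits from the write-up an attachment shows."""
    traits = []
    lowered = filename.lower()
    if "price" in lowered and lowered.endswith(".zip"):
        traits.append("price-named-zip")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return traits
    # With traditional ZIP encryption the entry names and attributes stay
    # readable, so these checks work without the password from the image.
    entries = archive.infolist()
    names = {e.filename.rsplit("/", 1)[-1].upper() for e in entries}
    if {"PRICE.HTML", "PRICE.EXE"} <= names:
        traits.append("html-exe-pair")
    if any(e.filename.upper().endswith(".EXE") and e.external_attr & DOS_HIDDEN
           for e in entries):
        traits.append("hidden-exe")
    if any(e.flag_bits & ZIP_ENCRYPTED for e in entries):
        traits.append("encrypted")
    return traits


def build_sample(hidden=True):
    """Constructed, harmless archive with the same layout (placeholder bytes only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("PRICE.HTML", "<html>placeholder</html>")
        exe = zipfile.ZipInfo("PRICE.EXE")
        exe.external_attr = DOS_HIDDEN if hidden else 0
        z.writestr(exe, b"placeholder, not an executable")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_attachment("price_new.zip", build_sample()))
```

A filter would quarantine on a combination of traits rather than on the file name alone, since the name is the part the write-up says varies.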





August 11th, 2004 at 10:33 pm
The siren lure of LOW LOW PRICES!!! Oooohhh! How much is Bill Gates offering me to theta test that software? $5000.00 just for looking at some file? How can they tell if I did? I’ll just click the link and fill out the silly survey and………. What happened to my BROWSER!!!!??? AHHHHHHHHHHH!!!
Ah! The sounds of another virally infected computer joining the legion of others on the ‘Net. Why is it people will look at a porn file or site, but they wouldn’t lift their little finger to click on a ‘Save the Children’ advert link? Free money. Will the monkeys never learn NOT to open the forbidden fruit? Oh look! Another virus, engineered to look like some lame excuse for an advertisement.
I have taken to using my dictionary software, tied into the mail filters to look for misspelled words, and I am pleased to announce that all my friends who have learned how to use a spell checker can now send me email, and the spammers LOSE.
Ah, the cheerful sound of my custom mail filters flushing the buffers on all the misspelt spam. My English teacher must be rolling in his grave. Probably laughing at all the poor schmucks what can’t speak the King’s English, what?