|
W32.Beagle.A@mm:
--------------------------------------------- http://securityresponse.symantec.com...agle.a@mm.html Computer users are being warned about a new virus which has spread at "an alarming rate". Internet security firm MessageLabs says it has detected more than 70,000 copies of the W32/Bagle-mm virus in the past 24 hours. The computer virus, or worm, which also appears as W32.Beagle.A@mm, is contained in infected emails as an attachment. The aim of the worm is to spread further by looking for new email addresses in the infected computer, such as in the user's list of contacts. Experts at MessageLabs say it appears the worm is also programmed to send details about all infected computers to website addresses in Germany, though the sites do not yet appear to be up and running. Paul Wood, chief information security analyst at the firm, said: "We have seen over 73,000 copies of Bagle, and this number is rising at an alarming rate." Infected emails include a file attachment ending .exe and the word "hi" in the subject line. The message contains the word "test" followed by the symbol =). Analysis shows the worm has a cut-off date of January 28, a ploy used by hackers in the past to avoid detection. The advice to users is to ensure they update their anti-virus software on a regular basis. --------------------------------------------- And This one: VBS.Zsyang.B@mm --------------------------------------------- http://securityresponse.symantec.com...yang.b@mm.html When VBS.Zsyang.B@mm is executed, it performs the following actions: Copies itself as %Windir%\lover.vbe. --------------------------------------------------------------------------- Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location. --------------------------------------------------------------------------- Adds the value: "kv3000"="%Windir%\lover.vbe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run so that the worm runs when you start Windows. Creates the key: HKEY_CURRENT_USER\Software\a and adds the value: "a"="1" If the value in step 3 does not exist, the worm will perform the following actions: Email itself to the first contact in Outlook address book. Attempt to delete %Windir%\regedit.exe. --------------- end Remember, ALWAYS keep your virus def's up to date. An old virus def is as good as no virus def. |
well.. I actually recieved the attachment from someone I dont even know. Thank goodness yahoo's virus scan is up to date. It found it right away.
|
<font color=lime>Hey, thanks for posting this Z! </font>
|
Agree!
|
Thanks, Z. I've seen this one a few dozen times at work and home already and didn't open any of them. Didn't recognize the senders and thought it was a little odd to get so many 'hi' messages at once!
|
*Gets out fly swat* bah! nasty bugs!
|
At least it doesn't spread without you opening it.
There was an item on the news here in Australia that this virus may just be collecting information and is just a test for a new "better" virus to come, hence the name "test". So be prepared |
I'm shaking in my boots ;)
[ 01-20-2004, 10:06 AM: Message edited by: Vaskez ] |
Thanks for the warning, Ziroc.
|
Quote:
What did annoy me though was that the news here mentioned not to open any files ending in .exe but if an exe is renamed to .com, .bat, .cmd or .scr it'll still execute. So watch out for all those extensions too |
| All times are GMT -4. The time now is 11:01 PM. |
Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
©2024 Ironworks Gaming & ©2024 The Great Escape Studios TM - All Rights Reserved