Options
Bagel worm spreads
A new worm is on the loose and it isn’t looking very friendly. WW32/BAGLE@MM or Bagle, harvests addresses from local files and allows hackers to upload programs to infected PCs.
[blockquote]Antivirus company Sophos said it has received "many" reports of the worm, which sends itself to addresses taken from files on the hard disk.
"The worm spoofs the 'from' field in emails it sends, which means it may appear to have come from someone you know," the company said in a statement.
The worm includes a back door component that listens on TCP port 6777. This allows an attacker to upload and execute arbitrary programs on infected computers.
It attempts to notify the virus author of its readiness to accept commands by contacting various websites and trying to activate a script that identifies the compromised computer.
Users should delete any email containing the following:
From: (address may be forged)
Subject: Hi
Body:
Test =)
(random characters)
--
Test, yep.
Attachment: (random filename) 15,872 bytes
example:
frjujs.exe
Sophos said the worm will not activate on PCs with a system date of 28 January 2004 or later.
[/blockquote]
[link=http://www.vnunet.com/News/1152111]Source report[/link]
[blockquote]Antivirus company Sophos said it has received "many" reports of the worm, which sends itself to addresses taken from files on the hard disk.
"The worm spoofs the 'from' field in emails it sends, which means it may appear to have come from someone you know," the company said in a statement.
The worm includes a back door component that listens on TCP port 6777. This allows an attacker to upload and execute arbitrary programs on infected computers.
It attempts to notify the virus author of its readiness to accept commands by contacting various websites and trying to activate a script that identifies the compromised computer.
Users should delete any email containing the following:
From: (address may be forged)
Subject: Hi
Body:
Test =)
(random characters)
--
Test, yep.
Attachment: (random filename) 15,872 bytes
example:
frjujs.exe
Sophos said the worm will not activate on PCs with a system date of 28 January 2004 or later.
[/blockquote]
[link=http://www.vnunet.com/News/1152111]Source report[/link]
0
Comments
It was named W32.Beagle.A@MM though, not Bagle.
I have also received many spam mails in the past week.
I count 10-15, that is many for me, I usually do not receive spam.