30 October 2004

And Worms...

As of October 29, 2004 9:40 AM (GMT -7:00; Daylight Saving Time), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AU. TrendLabs has received several infection reports indicating that this malware is spreading in US, Japan, Sweden, Germany, Mexico, France, Argentina, Chile, Brazil, and Canada.

Like other BAGLE variants, the success of this worm may be attributed to its plain and brief email messages that bear the following details:

Subject any of the following
• Re:
• Re: Hello
• Re: Hi
• Re: Thank you!
• Re: Thanks :)

Message body: any of the following
• :)
• :))

any of the following

with the following extension names

This worm scans an infected system for files with certain extension names to acquire its target recipients. It then uses its own SMTP engine and the domain servers of its harvested email addresses for its mailing routine. Unsuspecting users may then receive email messages from trusted acquaintances and readily execute the attachment, thus launching this worm.

For more information on WORM_BAGLE.AU, you can visit the Trend Micro Web site.

No comments: