[Dshield] RE: CPL in Bagle-Like Message

James C. Slora, Jr. james.slora at phra.com
Mon Apr 26 21:21:55 GMT 2004


AV vendors are still updating their descriptions of Bagle.X (aka .W or
.Z depending on the AV vendor), but now Trend Micro's description does
match what we blocked. No guarantee, but that's what it likely was.

The different vendor descriptions are wildly inconsistent right now so
don't rely on only one site for information about this worm.

> Subject - Re: Incoming Message
> Body - Message is in attach
> Attachment - message.cpl

<snip>
> It's a good reminder to keep blocking .CPL files.




More information about the list mailing list