[Dshield] .hta files

Carboni, Chris ccarboni at azerty.com
Wed Apr 28 18:13:33 GMT 2004


It fits the profile.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.Z&VSect=T



-Chris 

> -----Original Message-----
> From: Louis Hablas [mailto:Lou.Hablas at rzim.org]
> Sent: Wednesday, April 28, 2004 1:39 PM
> To: Dshield (E-mail)
> Subject: [Dshield] .hta files
> 
> All:
> 
> Have seen several .hta files quarantined today.  File names like
> "You_will_answer_to_me.hta", "the_message.hta", etc.
> 
> 
> I knew they were harbingers of something bad and took a look at one.  It
> tried to drop the attached nuggets in place, but OfficeScan intercepted.
> OfficeScan says Bagle.z.  Can anybody confirm?  Anybody else seeing same?
> 
> 
> FYI:
> 
> file 'qwrk.old' is exe and 'qfl.old' is vbs
> 
> Lou Hablas
> Systems Manager
> Ravi Zacharias International Ministries
> www.rzim.org
> 770-810-4214
> 
> 
> 



