[Dshield] new version of "Bagel" virus

Johannes B. Ullrich jullrich at sans.org
Tue Feb 17 14:51:49 GMT 2004

Just got a couple copies of what looks like a new
version of 'bagel' I added a copy to my virus zoo

quick analysis: strings look similar to original bagel.
uses these URLs:

appends a query string that looks like


Email looks like 
ID sighmwmi... thanks

Yours ID dsyxgxixwb

(Please hit any user clicking on random attachments
 real hard with a glue-by-4. Apply the ISC consensus
 AV policy: http://isc.sans.org/antivirus.pdf )

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040217/2594b496/attachment.bin

More information about the list mailing list