[Dshield] new version of "Bagel" virus
sama at snowplow.org
Tue Feb 17 15:06:26 GMT 2004
I just received an alert from Trend marking this as a Yellow Alert right
now. Reports that this memory-resident worm propagates by mass-mailing
copies of itself using SMTP.
Reports that it runs on Win 95, 98, ME, NT, 2000 and XP.
Nice early heads up, Johannes!
More info at:
On Tue, 17 Feb 2004, Johannes B. Ullrich wrote:
> Just got a couple copies of what looks like a new
> version of 'bagel'. I added a copy to my virus zoo
> quick analysis: strings look similar to original bagel.
> uses these URLs:
> appends a query string that looks like
> Email looks like
> ID sighmwmi... thanks
> Yours ID dsyxgxixwb
> (Please hit any user clicking on random attachments
> real hard with a glue-by-4. Apply the ISC consensus
> AV policy: http://isc.sans.org/antivirus.pdf )
> CTO SANS Internet Storm Center http://isc.sans.org
> phone: (617) 837 2807 jullrich at sans.org
> contact details: http://johannes.homepc.org/contact.htm