Security Incidents mailing list archives
RE: New virus: Alua! (Bagle.B)
From: "Sean Kelly" <sean () itsecurityconsultant com>
Date: Tue, 17 Feb 2004 16:53:40 -0000
Sophos has also got this but identifies it as Tanx.a Sean Kelly IT Security Consultant 2 Tintern Street, Hanley, Stoke on Trent, Staffordshire. ST1 3QU. England. Email: sean () itsecurityconsultant com Website: www.itsecurityconsultant.com GSM: (0044) 07792 982593 This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. IT Security Consultant, 2Tintern Street, Hanley, Stoke on Trent, Staffordshire. ST1 3QU England, www.itsecurityconsultant.com -----Original Message----- From: Seth Hall [mailto:shall () iotaengineering com] Sent: 17 February 2004 16:45 To: incidents () securityfocus com Subject: Re: New virus: Alua! (Bagle.B)
Anyone got hit by this new virus yet? Any deep informations about it would be greatly appreciated! Do you
know
what is the source code of the .php files it tries to execute on the websites?
Bitdefender has info on it, but no mention of .php files. From what it looks like (found at http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=193), it's a fairly standard exe-in-the-system32-folder, send itself to your address book type virus. It does launch Sound Recorder, though. Seth Hall ------------------------------------------------------------------------ --- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ------------------------------------------------------------------------ ---- _______________________________________________ Scanned for all known viruses by Bucks Net in association with NetCleanse. Please consult http://www.bucks.net/av/ for more information.
Attachment:
smime.p7s
Description:
Current thread:
- New virus: Alua! (Bagle.B) Roach4 (Feb 17)
- Re: New virus: Alua! (Bagle.B) Seth Hall (Feb 17)
- RE: New virus: Alua! (Bagle.B) Sean Kelly (Feb 17)
- <Possible follow-ups>
- RE: New virus: Alua! (Bagle.B) Jeremy Junginger (Feb 17)
- RE: New virus: Alua! (Bagle.B) Munoz, Hector (Feb 17)
- Re: New virus: Alua! (Bagle.B) Seth Hall (Feb 17)