Bagle.AI Alert



#1 Trilobite


Posted 19 July 2004 - 02:48 PM

http://www.viruslist...html?id=1887620

Gee, brand new and already it has been sent to me. :cool:
As of this writing, McAfee and Symantec do not detect it. Kaspersky's online scanner does detect it.
Edit: McAfee and Symantec have an update that will detect it now.

:p I just noticed my bad spelling in the topic title. :lol: :whistle:

Edited by Trilobite, 20 July 2004 - 05:02 PM.


#2 rosso_acido


Posted 20 July 2004 - 04:00 AM

I got a couple e-mails with this one too this morning. :gack:

There's not much info about it on the Internet yet, but Stinger also detects it as of July 19. :)

R. :techsupport:
I am the iron anchor.

#3 ErikAlbert


Posted 20 July 2004 - 01:21 PM

Well, it's a smart move to try to eliminate the Helpers first. :D
ErikAlbert
Simplicity is always brilliant.

#4 Trilobite


Posted 20 July 2004 - 02:30 PM

Is that a crack about my spelling? :p :lol:

I'm kind of glad it was sent to me. It's another worm for me to test AV software with. :bounce:

I attempted to download it again today and the good news is that the AV scanner on yahoo.com email detects it and will not allow it to be downloaded.

#5 WaveThemes


Posted 20 July 2004 - 03:54 PM

About 5:30 am EST this morning I found this:

http://vil.nai.com/v...nt/v_126798.htm

McAfee released a new stinger and dat file set over this one!

#6 H@ns


Posted 20 July 2004 - 03:56 PM

Hi WaveThemes,

That was already known here:

http://www.spywarein...showtopic=16603

:D
Nucia Security Forums - Dutch Anti-Malware Support

#7 AplusWebMaster


Posted 20 July 2004 - 04:22 PM

FYI...

New Bagle Spreads Fast By Shutting Down Defenses
- http://www.techweb.c...WB20040720S0007
July 20, 2004
"The latest Bagle three-worm wave includes one that's using a more aggressive twist on an old tactic, said security firms Tuesday. Of the trio of Bagle variants that have hit the Internet since Saturday -- that day's Bagle.ag, Sunday's Bagle.ah, and Monday's Bagle.ai...Bagle.ai -- with the parade of Bagle variants, it's no surprise that not all vendors are in sync with the name; Panda, for instance, dubbed it Bagle.ah -- is very similar to earlier iterations. It's a mass mailing worm that spreads by hijacking addresses on infected machines or through shared folders; packages its payload as a file attachment, including .zip compressed files; and attempts to contact a slew of German Web sites, probably to alert the hacker of compromised systems so they can be used later as spam proxies or to conduct denial-of-service (DoS) attacks.
Hinojosa notes one important difference that he thinks is behind Bagle.ai..."It comes in and takes out a whole list of anti-virus and firewall processes," he said. "This list is larger than earlier [lists], and is so big I can't even count them. Someone really took their time to build this." The list -- 288 by Symantec's count -- is used by Bagle.ai to terminate memory-resident and active anti-virus and firewall software in an attempt to slip through a computer's defenses. "It goes around [defenses] by deleting the processes," said Hinojosa. "That's not good."..."


>>> If you haven't already done so, -now- would be a good time to update your AV.

.The machine has no brain.
 ......... Use your own.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...


#8 Trilobite


Posted 20 July 2004 - 04:56 PM

Looks like a nasty little one.

"not all vendors are in sync with the name; Panda, for instance, dubbed it Bagle.ah"

I noticed that too. A scan of an infected file reveals these results:
Kaspersky IDs it as Bagle.ai
Symantec's Norton IDs it as Bagle.ag
McAfee's Stinger IDs it as Bagle.ai

I haven't updated and scanned it with the other AV's yet.



"If you haven't already done so, -now- would be a good time to update your AV."

Edited by Trilobite, 20 July 2004 - 04:58 PM.


#9 auctionhugh


Posted 21 July 2004 - 07:43 AM

I'm sick of getting those kinds of emails, but I'm also very glad for decent antivirus protection!

Hugh


#10 auctionhugh


Posted 29 August 2004 - 08:24 AM

|..<->Virusscans and Firewalls<->..|
Kaspersky AV ---- Sygate Firewall Pro ---- AVG AV >> not recommended Anti-virus! ---- Kerio Firewall


I was wondering which one of the antivirus products in your links in your signature is the "not recommended" one, and why.


Edited by auctionhugh, 29 August 2004 - 08:26 AM.




