[Groff] RE: Did we get the BAGEL worm?

groff

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Groff] RE: Did we get the BAGEL worm?

From:	Ted Harding
Subject:	[Groff] RE: Did we get the BAGEL worm?
Date:	Tue, 20 Jan 2004 09:24:59 -0000 (GMT)

On 20-Jan-04 Meg McRoberts wrote:
> Hi all,
> I just received email from address@hidden entitled [Groff]Hi.
> I think this may contain the BAGLE worm.  I don't think
> this affects Linux boxes, but if you happened to open the
> .exe file on a Windows box, you may be infected.
> 
> I work for Trend Micro and just set email to the malware
> detection people about this.  This isn't a terribly destructive
> worm as far as we know -- it is mostly going to generate a whole
> lot of SMTP traffic and chew up bandwidth.
> 
> I suspect all the antivirus vendors have patterns for this right
> now.  I know there is more information at www.trendmicro.com and
> a free utility to clean your system.

Hi Meg,
Thanks for the notification! For a while over the last few days
a lot of instances of BAGLE have been flying around, though the
activity seems to have died down considerably now.

The fact that you received it apparently "from address@hidden"
[did you mean address@hidden, by the way?] does not mean that
it was really sent from that address. Bagle picks random
"From:" and "To:" addresses from email addresses found in
the machine it has infected.

So all this means is that someone who has your address and
"address@hidden" on their machine has been infected.

NOTE TO ALL: If you receive an email, appreantly from an
email address which you know and which has subject "Hi",
_do_not_open_it_ if you are running Windows, since you
then risk installing its attachment.

Further detailed information at

  http://www.data-fellows.com/v-descs/bagle.shtml

(and on all the major anti-virus websites). Note in particular
that the virus attempts to download a "data capture" trojan
from certain web-sites. It is claimed that this trojan has
been removed from the websites in question, but you never know.

Best wishes to all,
Ted.

--------------------------------------------------------------------
E-Mail: (Ted Harding) <address@hidden>
Fax-to-email: +44 (0)870 167 1972
Date: 20-Jan-04                                       Time: 09:24:59
------------------------------ XFMail ------------------------------

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Groff] Odd ms Macro Page Offset Register Behavior, (continued)
- Re: [Groff] Odd ms Macro Page Offset Register Behavior, Andrew J. Piziali, 2004/01/18
  - Re: [Groff] Odd ms Macro Page Offset Register Behavior, Ted Harding, 2004/01/18
    - Re: [Groff] Odd ms Macro Page Offset Register Behavior, Werner LEMBERG, 2004/01/19
    - Re: [Groff] Odd ms Macro Page Offset Register Behavior, Ted Harding, 2004/01/19
    - [Groff] Did we get the BAGEL worm?, Meg McRoberts, 2004/01/20
    - [Groff] RE: Did we get the BAGEL worm?, Ted Harding <=
  - Re: [Groff] Odd ms Macro Page Offset Register Behavior, Tadziu Hoffmann, 2004/01/19
  - Re: [Groff] Odd ms Macro Page Offset Register Behavior, Werner LEMBERG, 2004/01/19
    - Re: [Groff] Odd ms Macro Page Offset Register Behavior, Andrew J. Piziali, 2004/01/19
    - Re: [Groff] Odd ms Macro Page Offset Register Behavior, Werner LEMBERG, 2004/01/19
    - Re: [Groff] Odd ms Macro Page Offset Register Behavior, Tadziu Hoffmann, 2004/01/20

Prev by Date: [Groff] Did we get the BAGEL worm?
Next by Date: Re: [Groff] Odd ms Macro Page Offset Register Behavior
Previous by thread: [Groff] Did we get the BAGEL worm?
Next by thread: Re: [Groff] Odd ms Macro Page Offset Register Behavior
Index(es):
- Date
- Thread