
W32.Bagle.AA/AB - Alert 5 - Update


Giorgius
29-04-2004, 18.36.53
http://vil.nai.com/images/122415b.gif

Aliases:
W32/Bagle.AB.worm (Panda Software), W32.Beagle.X@mm (Symantec), W32/Bagle.aa@MM (McAfee), WORM_BAGLE.Z (Trend Micro), W32/Bagle-AA (Sophos), I-Worm.Bagle.y (Kaspersky (viruslist.com)), Win32.Bagle.X (Computer Associates), HTML_BAGLE.Z (Otros), VBS_BAGLE.Z (Otros), I-Worm/Bagle.AB (Kaspersky (viruslist.com)), Win32.Beagle-Z (Otros), Worm/Bagle.AA (Otros), Win32/Bagle.AB (Otros), W32/Bagle.aa@MM (Otros), I-Worm.Bagle.z (Kaspersky (viruslist.com)), Win32/Bagle.Z@mm (Otros), W32/Bagle-AA (Otros), Win32.Bagle.X (Computer Associates), Win32/Bagle.X.dropper (Otros), W32/Bagle.z!vbs (Otros)

Effects:
This is a new variant of W32/Bagle@MM. It is packed using UPX.
This is a mass-mailing worm with the following characteristics:
contains its own SMTP engine to construct outgoing messages
harvests email addresses from the victim machine
the From: address of messages is spoofed
attachment can be a password-protected zip file, with the password included in the message body.
contains a remote access component (notification is sent to hacker)
copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)

Info:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=124875
http://www.alerta-antivirus.es/virus/detalle_virus.html?cod=3845&PHPSESSID=1015a4f55fa1a8feb63fa4f447ffc9f7
http://www3.ca.com/threatinfo/virusinfo/virus.aspx?id=39002
http://www.pandasoftware.es/virus_info/enciclopedia/verficha.aspx?idvirus=46740&sind=0
http://www.sophos.com/virusinfo/analyses/w32bagleaa.html
http://www.viruslist.com/eng/alert.html?id=1406206



AntiVirus update as of 29/04/04 ;)(Y)

Giorgius
29-04-2004, 18.38.21
Removal tools:
Stinger: http://download.nai.com/products/mcafee-avert/stinger.exe
Ikarus: http://download.ikarus.at/remover/IkarusRem_Bagle.exe
Pspl: http://www.pspl.com/download/cleanbg.exe

Sniffer Tool:
Filters have been developed that will look for Bagle traffic [Sniffer Distributed 4.1/4.2/4.3, Sniffer Portable 4.7/4.7.5, and Netasyst].
http://download.nai.com/products/mcafee-avert/sniffer/W23_Bagle.aa@MM%20-%20Sniffer%20Filters.zip

Giorgius
29-04-2004, 20.33.28
Rome, 29 Apr. (Adnkronos Multimedia/ITnews) - McAfee AVERT, the anti-virus research division of Network Associates, has raised the risk assessment to MEDIUM for the W32/Bagle.aa@MM virus, also known as Bagle.aa. This new variant is a mass-mailing worm that comes packed with UPX and with a CPL file attached. So far, McAfee AVERT has received almost 200 reports of the virus within a few hours, both from infected users and from reports of identification and neutralisation of Bagle.aa. The samples detected by McAfee AVERT come from infected users mainly in Europe. The reports came from the users themselves. This new version of Bagle is similar to others detected over the last three months. (Mak/Adnkronos)
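As an added example (not from this thread, nor from any of the vendor tools linked above), a Python mail-gateway heuristic for two of the traits the thread lists: an encrypted zip attachment whose password is handed over in the message body, and the executable (.cpl) attachment named in the news report. The sample message, the hand-built zip local file header and the password regex are all constructed here and are assumptions, not values taken from real Bagle samples.

```python
import re
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXTENSIONS = (".cpl", ".exe", ".scr", ".pif")  # .cpl is the one the report names
# Assumed heuristic: "password [for archive] [is|:] <token>" somewhere in the body.
PASSWORD_RE = re.compile(
    r"password\s*(?:for\s+\w+\s*)?(?:is|:|=)?\s*[\"']?([A-Za-z0-9]{3,})", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if the first local file header has the encryption bit (bit 0) set."""
    if len(data) < 30 or data[:4] != b"PK\x03\x04":
        return False
    flags = struct.unpack_from("<H", data, 6)[0]  # general-purpose bit flag
    return bool(flags & 0x0001)

def analyse_message(raw: bytes) -> dict:
    """Flag mail combining an encrypted zip with a body password, or an executable attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    m = PASSWORD_RE.search(body)
    findings = {"encrypted_zip": False, "risky_attachment": None,
                "password_in_body": m.group(1) if m else None}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if zip_is_encrypted(payload):
            findings["encrypted_zip"] = True
        if name.endswith(RISKY_EXTENSIONS):
            findings["risky_attachment"] = name
    findings["suspicious"] = bool(findings["risky_attachment"] or (
        findings["encrypted_zip"] and findings["password_in_body"]))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a zip local header with the encryption flag set, in a mail whose body gives the password."""
    name = b"document.exe"  # constructed inner file name, not a real sample
    header = b"PK\x03\x04" + struct.pack("<HHHHHIIIHH", 20, 1, 0, 0, 0, 0, 0, 0, len(name), 0)
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"  # constructed sender
    msg["Subject"] = "Re: Hello"
    msg.set_content("The attached archive is protected. Password for archive is 48271.")
    msg.add_attachment(header + name, maintype="application", subtype="zip",
                       filename="document.zip")
    return msg.as_bytes()
```

Running `analyse_message(build_sample())` reports the encrypted zip together with the recovered password and marks the message suspicious.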