[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <69238072156.20040126122955@tolna.net>
From: pappgeza at tolna.net (Papp Geza)
Subject: News from Bagle worm
Hy,
News from :Win32/Bagle.A
Own experiences:
The worm is launched, it copies itself into the Windows directory and
attempts to download and launch Mitglieder, a Trojan proxy server, on
the infected machine. This proxy server allows the 'master' to use the
infected machine as a platform to send more copies of the malicious
code. Currently, all links to Internet sources for downloading Mitglieder
are deleted. Thus, I-Worm.Bagle cannot use this technology to increase
propagation speed. As a result, at this time, I-Worm.Bagle is using a
technique standard for Trojan programs. Bagle scans the file system on
infected machines for files with extensions wab, txt, htm and r1. The
worm then sends copies of itself to all email addresses that it uncovers,
using a built in SMTP server. The worm backdoor functionality opens port
6777 ready to accept incoming connections from a remote user, giving
unauthorized access to an affected machine, however, this does not
appear to function properly.
If the worm does not make way leaf, at that time lies going over also
the regional network. Infection activity's time allocated - the worm is
active only if the system date is set to be prior January 28 th 2004.
Therefore his several time is, how able change the system time other
date. This is substantial, that activity worm. Antivirus detects programme
the start the system time false stood through ahead of what the worm him.
This deviates routine, warrants dared ahead of the worm every other detrimental
activity that, so that is for a long time active. This dared interesting that,
instead of him that, so that worm would close, for the first time anti virus
programme off, system makes longer own activism time's modification, may not
be his rise.. That way worm gets the several time, so that is able that, so
that the anti virus neutralises programme, all of system viruses' gainst
protection how.
--
?dv?zlettel,
Geysap mailto:pappgeza@...na.net
www.gyik.com
"VIRUS CORE TEAM"
====================================
Fiat justitia, pereat mundus!
------------------------------------
we protect your digital worlds...
====================================
Powered by blists - more mailing lists