Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

VIRUS ADVISORY: McAfee AVERT raises assessment to medium on new W32/BAGLE.E@MM virus

  • 01 March, 2004 11:15

<p>For further information or comment, please contact Allan Bell directly on the details below:</p>
<p>Allan Bell - Marketing Director</p>
<p>Network Associates</p>
<p>0412 411 929 or
02 9761 4229</p>
<p>Mass Mailer W32/Bagle.e@MM Raised to Medium Based on Prevalence</p>
<p>SYDNEY, March 1, 2004 – Network Associates, the leading provider of intrusion prevention solutions, today announced that McAfee AVERT (Anti-Virus and Vulnerability Emergency Response Team), the world-class anti-virus research division of Network Associates, raised the risk assessment to medium on the recently discovered W32/Bagle.e@MM, also known as Bagle.e. This new variant uses its own SMTP engine to construct outgoing messages and contains a remote access component. It has the same functionalities as one of its predecessors, the W32/Bagle.c@MM variant, which is also currently rated as a medium risk threat. However, it uses different file names to write to the local machine and contains a different file size.</p>
<p>McAfee AVERT researchers first saw Bagle.e yesterday and to date, McAfee AVERT has received over 100 submissions from the McAfee Security customer base. Many users have reported stopping the virus by not allowing files types, such as the one used by this threat and other viruses, into their environment—a practice that McAfee AVERT highly recommends. McAfee AVERT is also seeing increased prevalence on W32/Bagle.f@MM and W32/Bagle.g@MM, which are currently rated at low. Other variants in the Bagle family continue to infect and spread through the Internet. McAfee AVERT is advising its customers to update to the 4330 DATs to stay protected from all the current Bagle threats.</p>
<p>Symptoms</p>
<p>The Bagle.e worm is an Internet mass mailer that harvests addresses from local files and then uses the harvested addresses in the ‘From’ field and sends itself using its own SMTP engine. The next recipient is thus unable to see the true sender. The worm then proceeds into the remote access component of the virus, which listens on TCP port 2745 for remote connections. Users should delete any email containing the following:</p>
<p>From: (address is spoofed)</p>
<p>Body: (Message body is empty)</p>
<p>Subject:</p>
<p>Accounts department</p>
<p>Ahtung!</p>
<p>Camila</p>
<p>Daily activity report</p>
<p>Flayers among us</p>
<p>Freedom for everyone</p>
<p>From Hair-cutter</p>
<p>From me</p>
<p>Greet the day</p>
<p>Hardware devices price-list</p>
<p>Hello my friend</p>
<p>Hi!</p>
<p>Jenny</p>
<p>Jessica</p>
<p>Looking for the report</p>
<p>Maria</p>
<p>Melissa</p>
<p>Monthly incomings summary</p>
<p>New Price-list</p>
<p>Price</p>
<p>Price list</p>
<p>Pricelist</p>
<p>Price-list</p>
<p>Proclivity to servitude</p>
<p>Registration confirmation</p>
<p>The account</p>
<p>The employee</p>
<p>The summary</p>
<p>USA government abolishes the capital punishment</p>
<p>Weekly activity report</p>
<p>Well...</p>
<p>You are dismissed</p>
<p>You really love me? he he</p>
<p>Pathology</p>
<p>After being executed, Bagle.e emails itself to addresses found on the infected host using the filename .ADB, .ASP, .CFG, .DBX, .EML, .HTM, .HTML, .MDX, .MMF, .NCH, .ODS, .PHP, .PL, .SHT, .TXT and .WAB. The filenames listed are the file types that Bagle.e harvests e-mail addresses from. The file name is sent as a text file in the form of a .ZIP. Upon running the file, Notepad.exe is opened with a blank window. However, the virus avoids sending itself to addresses containing @hotmail.com, @msn.com, @microsoft, @avp, noreply, local, root@ and postmaster@. The worm goes completely inactive on the first reboot after March 25, 2004.</p>
<p>Cure</p>
<p>Immediate information and cure for this worm can be found online at the Network Associates McAfee AVERT site located at http://vil.nai.com/vil/content/v_101061.htm.</p>
<p>Network Associates McAfee Protection-in-Depth Strategy delivers the industry’s only complete set of system and network protection solutions differentiated by intrusion prevention technology that can detect and block these types of attacks. This allows customers to protect themselves while they plan their patch deployment strategy.</p>
<p>McAfee AVERT Labs is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing more than 100 researchers in offices on five continents. McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.</p>
<p>About Network Associates
With headquarters in Santa Clara, California, Network Associates, Inc. creates best-of-breed computer security solutions that prevent intrusions on networks and protect computer systems from the next generation of blended attacks and threats. Offering two families of products, McAfee System Protection Solutions, securing desktops and servers, and McAfee Network Protection Solutions, ensuring the protection and performance of the corporate network, Network Associates offers computer security to large enterprises, governments, small and medium sized businesses, and consumers. For more information, Network Associates can be reached on the Internet at http://www.networkassociates.com.</p>
<p>##ENDS##</p>
<p>NOTE: Network Associates, McAfee and AVERT are either registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. *2004 Networks Associates Technology, Inc. All Rights Reserved.</p>

Most Popular

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Join the newsletter!

Error: Please check your email address.

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?