Viruswarn Forums
Lee Drake (Posts: 238)
03/03/2004 4:00 PM

What it is
There is a new version of the BEAGLE virus labeled w32.Beagle.J and .K by Symantec and BAGLE.J and BAGLE.K by McAfee and Trend Micro. This version disguises itself as a note from your system administrator, telling you your account has been deactivated, or that the mail system will be down, or a number of other replaceable messages. A Zip file is enclosed, and there is a password on the ZIP, and a key for the password inside the mail. Inside the zip file is your unfriendly neighborhood virus BEAGLE.J. As usual with such messages there are numerous misspellings in the main message.
The BEAGLE/BAGLE virus allows unimpeded access to your local machine from a remote site - once infected, anything on your machine might be compromised. It is an especially dangerous security risk for this reason. The virus also spreads via file sharing programs such as BearShare and Kazaa.
Here is what a typical message might look like (there are a number of different greetings and salutations that are combined together):

Hello user of Azcomputer.net e-mail server,

The next section might be any one of a number of greetings:

Your e-mail account has been temporary disabled because of unauthorized access.

Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.

Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.

We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.

Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Advanced details can be found in attached file.
In order to read the attach you have to use the following password: {A random number appears here}.
The Management,
The Azcomputer.net team http://www.azcomputer.net

What you should do
Delete it, don't open it, don't even try to decode the zip file. Do NOT open attachments inside ZIP files, even if they come encrypted unless you absolutely know what they are and who they came from. If you are infected you'll need to follow the procedures listed below to remove the infection. Since Beagle allows remote control and access to your computer you should consider any information on it compromised. Be sure you have updated signatures for your anti-virus, but be aware that the password protection of the ZIP file may prevent Norton and other programs from accessing the contents to check for an infection.
The latest version of Stinger will cure this infection if you are using McAfee.
Symantec users should download the latest scan files and run them. Additional info wasn't available at press time.
Instructions from Trend micro are at the link below.
More information
Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html
McAfee: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101071
McAfee's Stinger: http://vil.nai.com/vil/stinger/
Trend Micro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.K
This concludes this viruswarning notice,
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St. Ste B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net
Office Phone: 585-242-2060
Fax number: 585-242-9441
Cell number: 585-509-0284

Lee Drake (Posts: 238)
03/15/2004 10:12 PM

What it is
Yet another variant of the Bagle/Beagle (O and P) virus which spreads via an infected ZIP file. This variant places the password for the zip file in a graphic (like many anti-spam sites do) ostensibly so that it can't be read by an antivirus program. Fortunately most antivirus programs just identify Bagle by its compressed signature - there's no need to uncompress it to determine it's a virus. But you may see different email bodies flying around for this now old and tiresome virus, with enclosed graphics.
What to do
Update your antivirus software, be aware that these variants are out there.
Additional resources
http://news.com.com/2100-7355-5173129.html?part=dht&tag=ntop
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101098
This concludes this viruswarning update
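
Both notices above turn on a password-protected ZIP that a scanner cannot open, whether the password sits in the message text or in a graphic. As an added example (not part of the original posts), the Python sketch below shows a mail-gateway check that needs no password: it reads the "encrypted" flag in each ZIP attachment's headers and reports the affected members. The sample message, file names and function names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"   # local file header signature
ENCRYPTED = 0x0001          # general-purpose flag bit 0: member is encrypted


def encrypted_members(blob):
    """Names of ZIP members marked encrypted; no password is needed to read this."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []


def flag_message(raw):
    """Return (attachment name, encrypted member names) for each suspect part."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        # Identify ZIPs by content, not by the sender-controlled file name.
        if body.startswith(ZIP_MAGIC):
            names = encrypted_members(body)
            if names:
                findings.append((part.get_filename(), names))
    return findings


def build_sample(encrypted):
    """Constructed test mail: a harmless ZIP with the encrypted flag patched in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("details.txt", b"constructed placeholder content")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= ENCRYPTED                             # local header flags
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Advanced details can be found in attached file.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="details.zip")
    return msg.as_bytes()
```

A gateway can hold any message for which `flag_message` returns findings, since the member names stay readable even when the contents do not.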