PT_Richard
20-01-2004, 12:58 PM
W32/Bagle@MM
seems to be doing the rounds.
Subject: Hi
Message:
Test =)
<Random characters>
--
Test, yep.
Filename: <Random>.exe
Filesize: 15,872 bytes
The From address will be spoofed such that it will appear to come from someone belonging to the same domain as the receiver.
Creates a listening thread on port 6777 (this port can change during the worm execution) that allows a remote attacker to:
- execute commands on the local system as if he were the current user
- download executables onto the local system
- terminate and delete the worm program
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html
Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.removal.tool.html
http://www3.ca.com/Solutions/Collateral.asp?CID=40387
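
A mail-filter check built from the indicators listed in the post above (subject, body text, .exe attachment of 15,872 bytes, sender in the recipient's domain), as an added example that is not part of the original post. The function names and the example.org sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXPECTED_SIZE = 15872  # attachment size given in the post


def domain(addr_header):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()


def bagle_indicators(raw: bytes) -> list:
    """Return the indicators from the post that this message matches.
    No single hit is conclusive; score them together."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip() == "Hi":
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if "Test =)" in text and "Test, yep." in text:
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".exe"):
            hits.append("exe-attachment")
            if len(payload) == EXPECTED_SIZE:
                hits.append("size")
    # Spoofed From: sender appears to share the receiver's domain.
    sender, rcpt = domain(msg["From"]), domain(msg["To"])
    if sender and sender == rcpt:
        hits.append("same-domain-sender")
    return hits


def build_sample(subject, text, filename=None, size=0):
    """Constructed test message; the attachment is zero bytes, not malware."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", subject
    m.set_content(text)
    if filename:
        m.add_attachment(b"\x00" * size, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```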