ALERT: Bagle Z!! - Security - Windows & Software
Marsh Posted on 28-04-2004 at 16:39:01
Quote:
As of April 28, 2004 4:46 AM PST, TrendLabs has received several infection reports of this BAGLE variant spreading in the US.
This memory-resident worm spreads via email and network shares. Upon execution, it drops a copy of itself using the following file names in the Windows system folder:
DRVDDLL.EXE
DRVDDLL.EXEOPEN
DRVDDLL.EXEOPENOPEN
It uses its own Simple Mail Transfer Protocol (SMTP) engine to propagate. The email it sends out contains the following details:
Subject: (any of the following)
·Changes..
·Fax Message Received
·Forum notify
·Hidden message
·Incoming message
·New changes
·Notification
·Protected message
·Re: Document
·Re: Hello
·Re: Hi
·Re: Incoming Message
·RE: Incoming Msg
·RE: Message Notify
·Re: Msg reply
·RE: Protected message
·RE: Text message
·Re: Thank you!
·Re: Thanks
·Re: Yahoo!
·Site changes
Message body: (any of the following)
·For security reasons attached file is password protected. The password is <jpeg password>
·For security purposes the attached file is password protected. Password -- <jpeg password>
·Note: Use password to open archive.
·Attached file is protected with the password for security reasons. Password is <jpeg password>
·In order to read the attach you have to use the following password: <jpeg password>
·Archive password: <jpeg password>
·Password - <jpeg password>
·Password: <jpeg password>
(Note: <jpeg password> is the password of the password-protected zip file attached to the email, displayed in JPEG format.)
Attachment: (any of the following)
·Alive_condom
·Counter_strike
·Details
·Details
·Document
·Half_Live
·I_search_for_you
·Information
·Loves_money
·Manufacture
·Message
·MoreInfo
·Nervous_illnesses
·Readme
·Smoke
·text_document
·the_message
·the_message
·You_are_dismissed
·You_will_answer_to_me
·Your_complaint
·Your_money
The attachment can have any of the following extension names:
·COM
·CPL
·EXE
·HTA
·SCR
·VBS
·ZIP
Warning: no update from McAfee for the moment! Trend Micro, despite a recent update, can't do anything. We are currently receiving 600 per minute on our network.
Message edited by Falconpage on 28-04-2004 at 16:39:50
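Added example, not part of the original post or the quoted advisory: a mail-gateway check in Python that scores a raw message against the subject, body, attachment-name and extension indicators listed above. The function names, the case-insensitive matching, the scoring rule and the sample message are assumptions made for the example.

```python
import re
from email import message_from_string

# Indicators copied from the advisory quoted in the post above (lowercased).
SUBJECTS = set((
    "changes..|fax message received|forum notify|hidden message|incoming message|"
    "new changes|notification|protected message|re: document|re: hello|re: hi|"
    "re: incoming message|re: incoming msg|re: message notify|re: msg reply|"
    "re: protected message|re: text message|re: thank you!|re: thanks|re: yahoo!|"
    "site changes").split("|"))
STEMS = set((
    "alive_condom|counter_strike|details|document|half_live|i_search_for_you|"
    "information|loves_money|manufacture|message|moreinfo|nervous_illnesses|readme|"
    "smoke|text_document|the_message|you_are_dismissed|you_will_answer_to_me|"
    "your_complaint|your_money").split("|"))
EXTS = {"com", "cpl", "exe", "hta", "scr", "vbs", "zip"}
# Every body lure mentions a password; too broad to act on alone.
BODY_RE = re.compile(r"password\s*(is|--|-|:)|use password to open|following password", re.I)
# Constructed sample message for the example, not a captured worm email.
SAMPLE = (
    "Subject: Re: Msg reply\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nArchive password: <image>\n"
    "--b\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="MoreInfo.zip"\n\nUEs=\n--b--\n')

def bagle_indicators(raw_message: str) -> list:
    """Return which advisory indicators a raw RFC 822 message matches."""
    msg = message_from_string(raw_message)
    hits = []
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:  # attachment: compare base name and extension separately
            stem, _, ext = name.lower().rpartition(".")
            if stem in STEMS and ext in EXTS:
                hits.append("attachment:" + name)
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            if BODY_RE.search(body.decode("latin-1")):
                hits.append("body")
    return hits

def verdict(raw_message: str) -> str:
    """Quarantine on an attachment match plus another indicator; review on any hit."""
    hits = bagle_indicators(raw_message)
    strong = len(hits) >= 2 and any(h.startswith("attachment:") for h in hits)
    return "quarantine" if strong else "review" if hits else "pass"
```

Subjects such as "Notification" and the password phrases are common in legitimate mail, which is why a single match only yields "review".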