RE: New virus: Alua! (Bagle.B)

From: Sean Kelly (sean_at_itsecurityconsultant.com)
Date: 02/17/04

    To: "'Seth Hall'" <shall@iotaengineering.com>, <incidents@securityfocus.com>
    Date: Tue, 17 Feb 2004 16:53:40 -0000
    
    
    

    Sophos has also got this but identifies it as Tanx.a

    Sean Kelly
    IT Security Consultant
     
    2 Tintern Street, Hanley, Stoke on Trent,
    Staffordshire. ST1 3QU. England.
     
    Email: sean@itsecurityconsultant.com
    Website: www.itsecurityconsultant.com
    GSM: (0044) 07792 982593
     

    -----Original Message-----
    From: Seth Hall [mailto:shall@iotaengineering.com]
    Sent: 17 February 2004 16:45
    To: incidents@securityfocus.com
    Subject: Re: New virus: Alua! (Bagle.B)

    > Anyone got hit by this new virus yet?
    >
    > Any deep information about it would be greatly appreciated! Do you know
    > what is the source code of the .php files it tries to execute on the
    > websites?

    Bitdefender has info on it, but no mention of .php files. From what it looks
    like (found at
    http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=193), it's a
    fairly standard exe-in-the-system32-folder, send itself to your address book
    type virus. It does launch Sound Recorder, though.

    Seth Hall
