RE: New virus: Alua! (Bagle.B)

From: Sean Kelly (sean_at_itsecurityconsultant.com)
Date: 02/17/04

    To: "'Seth Hall'" <shall@iotaengineering.com>, <incidents@securityfocus.com>
    Date: Tue, 17 Feb 2004 16:53:40 -0000
    
    
    

    Sophos has also got this but identifies it as Tanx.a

    Sean Kelly
    IT Security Consultant
     
    2 Tintern Street, Hanley, Stoke on Trent,
    Staffordshire. ST1 3QU. England.
     
    Email: sean@itsecurityconsultant.com
    Website: www.itsecurityconsultant.com
    GSM: (0044) 07792 982593
     

    -----Original Message-----
    From: Seth Hall [mailto:shall@iotaengineering.com]
    Sent: 17 February 2004 16:45
    To: incidents@securityfocus.com
    Subject: Re: New virus: Alua! (Bagle.B)

    > Anyone got hit by this new virus yet?
    >
    > Any deep information about it would be greatly appreciated! Do you know
    > what is the source code of the .php files it tries to execute on the
    > websites?

    Bitdefender has info on it, but no mention of .php files. From what it looks
    like (found at
    http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=193), it's a
    fairly standard exe-in-the-system32-folder, send itself to your address book
    type virus. It does launch Sound Recorder, though.

    Seth Hall



