
Another Nasty Virus.

Heads up people, another nasty is out and about.
MessageLabs, an Internet security firm, said it had detected more than 70,000 copies of the W32/Bagle-mm virus in the past 24 hours.
The computer virus, or worm, is contained in infected e-mails as an attachment.
The aim of the worm is to spread still further by looking for new e-mail addresses in the infected computer, such as in the user's list of contacts.
Experts at MessageLabs say it appears the worm is also programmed to send details about all infected computers to website addresses in Germany, though the sites do not yet appear to be up and running.
Paul Wood, chief information security analyst at MessageLabs, said: "We have seen over 73,000 copies of Bagle, and this number is rising at an alarming rate."
Infected e-mails include a file attachment ending .exe and the word "hi" in the subject line. The message contains the word "test" followed by the symbol =).
Analysis shows the worm has a cut-off date of January 28, a ploy used by hackers in the past to avoid detection.
The advice to users is to ensure they update their anti-virus software on a regular basis.
Copied from AOL Technology News.
Harry0
___________________________
evil :evil: :evil:
Cheers for the advice Harryo...
Spot on.
8)
Harry,
I'll add a bit more if it helps people.......
Its destructivity is low and it has a payload which exploits possible backdoor/update functionality. Its size is 15872 bytes. It will stop functioning January 28th 2004. When the worm is first executed, it checks whether the date is Jan 28th 2004 or later. If so, it quits and does nothing.
It copies itself to the Windows System directory under the name , and registers itself in the registry so that it is run from startup. If the worm is started normally it will now run the calculator program as camouflage.
The worm looks for email addresses in files that it finds in the local system and spoofs sender address.
There are 3 registry keys added and the worm sets up a thread on port 6777, listening for incoming connections. It is likely that this is a part of some update functionality.
There is a long list of 36 web addresses in the worm body and the worm will attempt to contact these sites with parameters describing the port number it listens to and the user ID (which is a random string). However, the list refers to php scripts which are not present at any of the sites in the list.
Fred
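The e-mail indicators quoted in the first post (subject "hi", body "test" followed by =), an attachment ending .exe) and the 15872-byte size given in the reply above can be checked by a mail filter. The Python below is an added example, not part of any post in this thread; the function names, the example.com addresses and the idea that the attachment is the 15872-byte worm file itself are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

WORM_SIZE = 15872  # bytes, as quoted in the thread

def bagle_indicators(raw):
    """Return which of the thread's indicators a raw RFC 822 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == "hi":
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    # The word "test" followed by the =) symbol
    if re.search(r"\btest\s*=\)", text, re.IGNORECASE):
        hits.append("body")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".exe"):
            hits.append("exe-attachment")
            # Assumption: the attachment is the worm file itself.
            if len(part.get_payload(decode=True) or b"") == WORM_SIZE:
                hits.append("size")
    return hits

def should_quarantine(raw):
    """Quarantine only when all three e-mail indicators occur together."""
    return {"subject", "body", "exe-attachment"} <= set(bagle_indicators(raw))

def build_sample(subject, text, attachment=None, size=0):
    """Build a constructed test message (zero-filled attachment, no real sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # placeholder address
    m["To"] = "user@example.com"       # placeholder address
    m["Subject"] = subject
    m.set_content(text)
    if attachment:
        m.add_attachment(b"\x00" * size, maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    for raw in (build_sample("hi", "test =)\n", "a.exe", WORM_SIZE),
                build_sample("hi", "see you at lunch\n")):
        print(bagle_indicators(raw), should_quarantine(raw))
```

A subject of "hi" alone is far too common to act on, which is why the filter requires the three indicators together and treats the size as a supporting signal only.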
Hi all, Slim. Yep, well done boys.
Is Fred an anorak? discuss..........
rotflmao :rotflmao:
Fran wink You know I luv ya really
xxxxxxxxxxxxxx