Re: [Full-Disclosure] New Virus probably Bagle.Q
- To: "Helmut Hauser" <helmut_hauser@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] New Virus probably Bagle.Q
- From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@xxxxxxxxx>
- Date: Thu, 18 Mar 2004 18:54:26 -0800
From: "Helmut Hauser" <helmut_hauser@xxxxxxxxxxx>
Date sent: Thu, 18 Mar 2004 11:08:44 +0100
> link to virus is ...
> http://blah.blah.blah:81/100721.php
The php is a dead giveaway: this is probably Bagle.Q et al. (The message probably
had object tags around this, correct?) The infected machine will download a
script: the script will download a (seemingly innocuous) file, and then rename it
and invoke it. Then *you* start sending out email like that :-)
> Host is in Korea, abuse warning has been sent.
Have you also contacted the ISP? The machine owner is probably unaware of
what is going on. (The samples I've got are from Korea as well.)
====================== (quote inserted randomly by Pegasus Mailer)
rslade@xxxxxxxxx slade@xxxxxxxxxxxxxx rslade@xxxxxxxxxxxxxxxx
Those are my principles. If you don't like them I have others.
- Groucho Marx
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
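
A mail-filter check for the pattern discussed in this message, added here as an example and not part of the original post: it flags HTML bodies whose object tags reference a remote URL and notes a non-standard port or a .php path. The attribute list, the function names and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the thread does not say which <object> attribute carried the
# link, so every attribute that can hold a URL is checked.
URL_ATTRS = ("data", "codebase", "classid")

# Constructed sample body; the URL is the placeholder quoted in the thread.
SAMPLE_BODY = (
    '<html><body><object data="http://blah.blah.blah:81/100721.php"></object>'
    '<object data="cid:logo"></object>'
    '<a href="http://example.com:8080/a.php">x</a></body></html>'
)


def classify(url):
    """Return a finding for an http(s) URL, or None for anything else."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return None  # cid:, data:, relative paths: not a remote fetch
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return {"url": url, "reasons": ["malformed URL"]}
    reasons = ["remote object"]
    if port not in (None, 80, 443):
        reasons.append("non-standard port %d" % port)
    if parts.path.lower().endswith(".php"):
        reasons.append("script URL (.php)")
    return {"url": url, "reasons": reasons}


class ObjectTagScanner(HTMLParser):
    """Collects remote URLs referenced from <object> tags only."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        for name, value in attrs:
            finding = classify(value.strip()) if name in URL_ATTRS and value else None
            if finding:
                self.findings.append(finding)


def scan_html_body(html):
    """Return one finding per remote URL found on an <object> tag."""
    scanner = ObjectTagScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Ordinary links and inline (cid:) objects are ignored, so only bodies that would make the mail client fetch an object from a remote host are reported.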