Virus Advisory: Network Associates McAfee AVERT Raises Risk Assessment to Medium on New W32/Bagle.ab@MM Virus
2004年5月11日 - 5:52AM
PRニュース・ワイアー (英語)
Virus Advisory: Network Associates McAfee AVERT Raises Risk
Assessment to Medium on New W32/Bagle.ab@MM Virus McAfee AVERT
Receives More Than 100 Customer Reports of the Virus In-the-Wild
BEAVERTON, Ore., May 10 /PRNewswire-FirstCall/ -- Network
Associates, Inc. the leading provider of intrusion prevention
solutions, today announced that McAfee(R) AVERT(TM) (Anti-virus and
Vulnerability Emergency Response Team), the world-class research
division of Network Associates(R), raised the risk assessment to
medium on the recently discovered W32/Bagle.ab@MM, also known as
Bagle.ab. This new variant is a mass-mailing worm that comes packed
using UPX in the form of a password protected .ZIP file. To date,
McAfee AVERT reports more than 100 reports of the virus being
stopped or infecting users from the field -- with the most number
of infected files being reported from the United States. The
samples received by McAfee AVERT have been from users versus the
virus, which is similar to other Bagle reports throughout the past
three months. Symptoms The Bagle.ab worm is a mass mailing threat
that harvests addresses from local files and then uses the
harvested addresses in the 'From' field to send itself. Once
activated, the worm copies itself to folders in the System
Directory that have the phrase "shar" in the name, such as common
peer-to-peer applications, and adds a registry key to the system
start-up. The worm then proceeds into the remote access component
of the virus, which listens to TCP port 2535 for remote
connections. Users should be very weary and should probably delete
any email containing the following: From: (address is spoofed)
Subject: -- Re: Msg reply -- Re: Hello -- Re: Yahoo! -- Re: Thank
you! -- Re: Thanks :) -- RE: Text message -- Re: Document --
Incoming message -- Re: Incoming Message -- RE: Incoming Msg -- RE:
Message Notify -- Notification -- Changes.. -- New changes --
Hidden message -- Fax Message Received -- Protected message -- RE:
Protected message -- Forum notify -- Site changes -- Re: Hi --
Encrypted document Body Text: (Uses various constructed strings)
Attachment: May be one of the following: -- Information -- Details
-- text_document -- Readme -- Document -- Info -- the_message --
Details -- MoreInfo -- Message -- You_will_answer_to_me --
Half_Live -- Counter_strike -- Loves_money -- the_message --
Alive_condom -- Joke -- Toy -- Nervous_illnesses -- Manufacture --
You_are_dismissed -- Your_complaint -- Your_money -- Smoke --
I_search_for_you Pathology After being executed, Bagle.ab emails
itself to addresses found on the infected host as a password
protected .ZIP file with the password included in the message body.
The virus listens on TCP port 2535 for remote connections. It
attempts to notify the author that the infected system is ready to
accept commands, by contacting various Web sites and calling a PHP
script on the remote sites. Cure Immediate information and cure for
this worm can be found online at the Network Associates McAfee
AVERT site located at http://vil.nai.com/vil/content/v_125089.htm.
McAfee AVERT is advising its customers to update to the 4354 or
higher DATs to stay protected from all the current Bagle threats.
McAfee AVERT Labs is one of the top-ranked anti-virus and
vulnerability research organizations in the world, employing
researchers in offices on five continents. McAfee AVERT protects
customers by developing and providing solutions that are created
through the combined efforts of McAfee AVERT researchers and McAfee
AVERT AutoImmune technology, which applies advanced heuristics,
generic detection and ActiveDAT technology to generate cures for
previously undiscovered viruses. About Network Associates With
headquarters in Santa Clara, California, Network Associates, Inc.
creates best-of-breed computer security solutions that prevent
intrusions on networks and protect computer systems from the next
generation of blended attacks and threats. Offering two families of
products, McAfee System Protection Solutions, securing desktops and
servers, and McAfee Network Protection Solutions, ensuring the
protection and performance of the corporate network, Network
Associates offers computer security to large enterprises,
governments, small and medium sized businesses, and consumers. For
more information, Network Associates can be reached at 972-963-8000
or on the Internet at http://www.networkassociates.com/. NOTE:
Network Associates, McAfee and AVERT are either registered
trademarks or trademarks of Network Associates, Inc. and/or its
affiliates in the United States and/or other countries. All other
registered and unregistered trademarks herein are the sole property
of their respective owners. (c)2004 Networks Associates Technology,
Inc. All Rights Reserved.
http://www.newscom.com/cgi-bin/prnh/20040426/MCAFEELOGO
http://photoarchive.ap.org/ DATASOURCE: Network Associates, Inc.
CONTACT: Tracy Ross of Network Associates, Inc., +1-408-346-5965 or
; or Kelly Delaney or Porter Novelli, +1-415-975-2229 or , for
Network Associates, Inc. Web site:
http://www.networkassociates.com/
Copyright
Cloudflare (NYSE:NET)
過去 株価チャート
から 9 2024 まで 10 2024
Cloudflare (NYSE:NET)
過去 株価チャート
から 10 2023 まで 10 2024