ITS Knowledge Base

This Bagle variant bears the following characteristics:

• contains its own SMTP engine to construct outgoing messages

• harvests email addresses from the victim machine
• the From: address of messages is spoofed
• contains a remote access component (notification is sent to hacker)
• copies itself to folders that have the phrase share in the name (such as
• common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)

• encrypted polymorphic parasitic file infector

Extra McAfee Definition file to remove W32/Bagle.p@mm Save to your desktop and double click to install.

Click here for more information on W32/Bagle.p@MM virus on Network Associates site

This Bagle variant bears the following characteristics:

• contains its own SMTP engine to construct outgoing messages

• harvests email addresses from the victim machine
• the From: address of messages is spoofed
• contains a remote access component (notification is sent to hacker)
• copies itself to folders that have the phrase share in the name (such as
• common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)

• encrypted polymorphic parasitic file infector

Extra McAfee Definition file to remove W32/Bagle.p@mm Save to your desktop and double click to install.

Click here for more information on W32/Bagle.p@MM virus on Network Associates site

This Bagle variant bears the following characteristics:

• contains its own SMTP engine to construct outgoing messages

• harvests email addresses from the victim machine
• the From: address of messages is spoofed
• contains a remote access component (notification is sent to hacker)
• copies itself to folders that have the phrase share in the name (such as
• common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)

• encrypted polymorphic parasitic file infector

Extra McAfee Definition file to remove W32/Bagle.p@mm Save to your desktop and double click to install.

Click here for more information on W32/Bagle.p@MM virus on Network Associates site

A new virus has been released called W32/Sober.d@MM mailing worm posing as
an official Microsoft patch for the Mydoom virus. Watch for subject lines with the text “Microsoft Alarm: Please Read!” Note: Microsoft does not email patches.

The worm arrives as an executable attachment or inside a Zip archive. When run, it displays fake Windows warnings and error alerts. Using its own SMTP engine, W32/Sober.d@MM also mails itself to email addresses found on the infected computer.

This message from ITS is a REMINDER NOT TO OPEN ANY ATTACHMENTS and Microsoft does not send patches through email.

The definition file you should be running is Dat 4334 Save to your desktop and double click to install. This will protect you from this threat.
(more…)

A new virus has been released called W32/Sober.d@MM mailing worm posing as
an official Microsoft patch for the Mydoom virus. Watch for subject lines with the text “Microsoft Alarm: Please Read!” Note: Microsoft does not email patches.

The worm arrives as an executable attachment or inside a Zip archive. When run, it displays fake Windows warnings and error alerts. Using its own SMTP engine, W32/Sober.d@MM also mails itself to email addresses found on the infected computer.

This message from ITS is a REMINDER NOT TO OPEN ANY ATTACHMENTS and Microsoft does not send patches through email.

The definition file you should be running is Dat 4334 Save to your desktop and double click to install. This will protect you from this threat.
(more…)