WORM_BAGLE.AZ is what Trend Net is referring to this as, there message to me this morning follows:
> As of January 27, 2005 1:42 AM PST (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AZ. TrendLabs has received several infection reports indicating that this malware is spreading in US, China, and Japan.
>
> This WORM_BAGLE variant arrives on a system as an email attachment. It sends copies of itself to all email addresses it gathers from files with certain extensions but skips those addresses that contain particular strings.
>
> ===============================
> Users must be wary of the email it sends that have the following details:
>
> Subject: (any of the following)
> Delivery service mail
> Delivery by mail
> Registration is accepted
> Is delivered mail
> You are made active
> Thanks for use of our software.
> Before use read the help
>
> Message body: (any of the following)
> Delivery service mail
> Delivery by mail
> Registration is accepted
> Is delivered mail
> You are made active
> Thanks for use of our software.
> Before use read the help
>
> Attachments: (any of the following file names)
> guupd02.exe
> Jol03.exe
> siupd02.exe
> upd02.exe
> viupd02.exe
> wsd01.exe
> zupd02.exe
>
> (with any of the following extensions)
> COM
> CPL
> EXE
> SCR
> ===============================
>
> The email is spoofed and may appear to have come from a familiar email address. As a general rule, users should avoid opening the attachments of unsolicited email.
>
> This worm drops a copy of itself using the following file names into the Windows system folder:
>
> sysformat.exe
> sysformat.exeopen
> sysformat.exeopenopen
> It also looks for folders that have the string shar then drops copies of itself using file names with EXE extensions into those folders.
>
> In addition, this worm terminates several processes, most of which are related to antivirus and security programs.
>
--
Craig Daters ([EMAIL PROTECTED]) Systems Administrator West Press Print Communications
1663 West Grant Road Tucson, Arizona 85705 (520) 624-4939 (520) 624-2715 fax
www.westpress.com
-- Please note: It is the policy of West Press that all e-mail sent to and from any @westpress.com address may be recorded and monitored. Unless it is West Press related business, please do not send any material of a private, personal, or confidential nature to this or any @westpress.com e-mail address.
This message has been scanned for UCE (spam), viruses, and dangerous content, and is believed to be clean.
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
