Avast WEBforum

Other => Viruses and worms => Topic started by: MWassef on March 15, 2004, 04:08:09 PM

Title: Win32.Bagle.O is out
Post by: MWassef on March 15, 2004, 04:08:09 PM
http://www3.ca.com/virusinfo/virus.aspx?ID=38576
Title: Re:Win32.Bagle.O is out
Post by: Pavel Baudis on March 15, 2004, 04:35:32 PM
http://www3.ca.com/virusinfo/virus.aspx?ID=38576


Actually, there are several new Beagle variants out since yesterday - the latest updates cover them all.... (and yes - there is a big naming mess in the latest variants from different AV companies)...

Pavel

Title: Re:Win32.Bagle.O is out
Post by: MWassef on March 15, 2004, 05:54:02 PM
Thanks for the info, Pavel ;D
Title: Re:Win32.Bagle.O is out
Post by: RejZoR on March 15, 2004, 08:37:40 PM
Was such naming ever used? What when you'll use all the letters? This year is really full of worms and viruses. But it's kinda pointless since AVs detect them easily.
Title: Re:Win32.Bagle.O is out
Post by: Summoner Yuna on March 15, 2004, 09:25:31 PM
Well, this is a war between the virus authors, hence all the worms.
Title: Re:Win32.Bagle.O is out
Post by: RejZoR on March 15, 2004, 09:37:07 PM
Heh, then they should make something revolutionary, like the Tequila virus was some years ago (first polymorphic virus), not all-the-same-with-different-letter viruses. It's stupid ::)
Title: Re:Win32.Bagle.O is out
Post by: Pavel Baudis on March 15, 2004, 10:18:27 PM
> Was such naming ever used? What when you'll use all the letters?

Well, that's easy - after .Z you will get .AA, .AB, ... .AZ, then .BA and so on, and after .ZZ comes .AAA :D

Actually, some macro virus families came quite close to three-letter variants...

Pavel
Title: Re:Win32.Bagle.O is out
Post by: RejZoR on March 15, 2004, 10:43:54 PM
Interesting hehe ;)
Title: Re:Win32.Bagle.O is out
Post by: rastan on March 16, 2004, 03:53:45 AM
got this from Trend today:

  PE_BAGLE.P

This virus searches for files with certain extension names, from which it gathers target recipients. Using its own SMTP (Simple Mail Transfer Protocol) engine, it sends out email messages with a spoofed return address to the gathered email addresses and adds itself as an attachment.

This virus also spreads by dropping files in folders that have the text string "shar", for example, C:\Program Files\Kazaa\My Shared Folder. It attempts to prevent the automatic execution of NETSKY variants by deleting certain registry entries.

It has backdoor capabilities. It opens TCP port 2556 and waits for incoming commands from a remote user, who must send specially-crafted data or packets to be able to command this virus.

It also has the ability to terminate certain processes, which are usually related to antivirus and firewall applications.

It runs on Windows 95, 98, ME, NT, 2000 and XP.
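
A host triage check built from two indicators in the Trend description above (a listener on TCP port 2556 and folders containing the string "shar"), as an added example that is not part of the original post or Trend's write-up. The `netstat -ano` sample, the folder list and the function names are constructed for illustration, and matching "shar" case-insensitively against the full path is an assumption.

```python
import re

BAGLE_P_PORT = 2556  # backdoor port named in the Trend description

# Constructed sample of Windows `netstat -ano` output; not real data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2556           0.0.0.0:0              LISTENING       1436
  TCP    192.168.1.20:1045      203.0.113.7:2556       ESTABLISHED     2012
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:2556           *:*                                    1500
"""

# Constructed folder list for the "shar" check.
SAMPLE_FOLDERS = [
    r"C:\Program Files\Kazaa\My Shared Folder",
    r"C:\Documents and Settings\user\My Documents",
    r"C:\Program Files\eDonkey2000\incoming",
    r"D:\SHARE\music",
]

# Only TCP rows in LISTENING state: local address, local port, PID.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def tcp_listeners(netstat_text, port):
    """Return (local_address, pid) for every TCP socket LISTENING on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m and int(m.group(2)) == port:
            hits.append((m.group(1), int(m.group(3))))
    return hits

def shar_folders(paths):
    """Folders whose path contains "shar" (case-insensitive: an assumption)."""
    return [p for p in paths if "shar" in p.lower()]

if __name__ == "__main__":
    for addr, pid in tcp_listeners(SAMPLE_NETSTAT, BAGLE_P_PORT):
        print(f"TCP {BAGLE_P_PORT} listening on {addr}, PID {pid}: identify the owning process")
    for folder in shar_folders(SAMPLE_FOLDERS):
        print(f"check for unexpected executables in {folder}")
```

A listener on this port is only a lead for triage: the PID still has to be mapped to a process and file before drawing a conclusion.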