Author Topic: New Worm threat...  (Read 4278 times)

S.Z.Craftec

  • Guest
New Worm threat...
« on: July 06, 2004, 12:10:42 PM »
I just received this e-mail on my global company's account from Trend Micro (my company uses that antivirus to protect their servers):

Quote
-----Original Message-----
From: Trend Micro Newsletters Editor [mailto:newsletters@trendmicro.rsc03.com]
Sent: Mon 05/07/2004 8:55 AM
To: CANACOMP
Cc:
Subject: Spam: Trend Micro Medium Risk Virus Alert - WORM_BAGLE.AD

Dear Trend Micro customer,

As of 2:40 AM July 5, 2004 (GMT -07:00; Daylight Savings Time), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AD. TrendLabs has received several infection reports indicating that this worm is spreading in Japan, Korea, and Taiwan.

This worm is known to spread via email using its own Simple Mail Transfer Protocol (SMTP) engine. It also spreads via network shares. It drops copies of itself as the following files in the Windows system folder:

        loader_name.exe
        loader_name.exeopen
        loader_name.exeopenopen
       
Its email arrives with any of the following lines as subject:

        Re: Msg reply
        Re: Hello
        Re: Yahoo!
        Re: Thank you!
        Re: Thanks :_)
        RE: Text message
        Re: Document
        Incoming message
        Re: Incoming Message
        RE: Incoming Msg
        RE: Message Notify
        Notification
        Changes..
        Update
        Fax Message
        Protected message
        RE: Protected message
        Forum notify
        Site changes
        Re: Hi
        Encrypted document

TrendLabs will be releasing the following EPS deliverables:

        TMCM Outbreak Prevention Policy 118
        Official Pattern Release 927 - released 3:15 AM July 5, 2004
        Damage Cleanup Template 367
        NVW pattern 10130


For more information on WORM_BAGLE.AD, you can visit our Web site at:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AD


Cheers !
« Last Edit: July 06, 2004, 12:11:28 PM by S.Z.Craftec »

Eddy

  • Avast Evangelist
Re:New Worm threat...
« Reply #1 on: July 06, 2004, 01:08:25 PM »
Bagle aka Beagle, looks like this is just a new variant of it.

S.Z.Craftec

  • Guest
Re:New Worm threat...
« Reply #2 on: July 06, 2004, 01:15:00 PM »
Yes, I'm not sure, but you can see the date when they alarmed my company (Mon 05/07/2004 8:55 AM)...

I just want to be sure that Alwil are informed about that...
« Last Edit: July 06, 2004, 01:17:47 PM by S.Z.Craftec »

S.Z.Craftec

  • Guest
Re:New Worm threat...
« Reply #3 on: July 06, 2004, 01:17:18 PM »
Artras, See this thread:

http://forum.avast.com/index.php?board=9;action=display;threadid=5685;start=60

Search for my reply #66. You'll find your national flag, so you can put it in your signature...

Check that thread also for instructions on how to put it in your signature, in case you don't know... (reply #61)

Sasha
« Last Edit: July 06, 2004, 01:18:54 PM by S.Z.Craftec »

Stephan123

  • Guest
Re:New Worm threat...
« Reply #4 on: July 07, 2004, 05:46:41 PM »
Avast does not have an update yet??? Why not?

Only for the Win32:Beagle-AC variant

whocares

  • Guest
Re:New Worm threat...
« Reply #5 on: July 07, 2004, 06:31:06 PM »
Avast does not have an update yet???

How do you know ?
Trend lists aliases for its "AD" variant with suffix/letters ranging from .AA to .BA

so probably, avast just counts differently and Trend's "Bagle.AD" is included as "Beagle-AC" or "Beagle-AB", especially if you look at the date of the VPS (07-07)..

For extensive discussions about differences in virus/variants naming conventions:
-> Please use the board-search ;D ;D ;)

Stephan123

  • Guest
Re:New Worm threat...
« Reply #6 on: July 07, 2004, 06:49:06 PM »
Okay :-)