
ot new bagle uses m$-outlook flaw: get patched!!!

updated sun 21 mar 04


Janet Kaiser on sat 20 mar 04

As an exception to the "do not discuss spam, viruses, worms, etc." I am
forwarding a warning, because I am already getting a great deal of this
type of infected mail sent to me (also to others in my name!) and the
knock-on consequences could be as bad as last summer's "melt down" IMO
(which is worth every penny of the amount you paid for it! :o)

Note that this is an "old" MS-OUTLOOK problem with the twist that **no
attachment is involved**, so just opening the post will infect machines
without the M$ patch. Old Timers will be familiar with this strategy, but
newbies will not. BTW the abbreviated/edited version of next § onwards
was in my weekly Bulldog Newsletter from 18-iii-2004, so all you kiddies
with that Grisoft AV prog will have already heard. Oh, yes... There is also
reference to two specific examples of the phishing I mentioned a couple of
weeks ago... This represents a serious threat to your privacy, so please
read and inwardly digest! Oh, yes... DO NOT forget to tell the kids about
that "Xbox emulator offer" described right down the bottom... It is all
getting scarier Folks, so dib, dib, dib... Be prepared!!!

ALL OUTLOOK USERS: Please download the patch given below A.S.A.P.!!!

Bulldog says: "A new Bagle virus spreads when a user simply opens an
infected e-mail or views it in the preview screen of an unpatched version
of Microsoft Outlook, ZDNet reports. Users no longer have to click on an
attachment to spread the Bagle virus because the latest variants are
exploiting an old flaw in Microsoft Outlook that allows the worm to spread
even more quickly.

Until the appearance of Bagle variants Q, R and S, users had to click on an
e-mailed attachment to be infected by the worm. The latest Bagle
incarnation has done away with the attachment altogether and because of
this change in tactics, experts fear the worm could spread very quickly.

This is a new twist to the known Bagle. The virus avoids having an
attachment, which otherwise tends to ring a security-bell in most users'
minds. Instead it uses a wide-spread vulnerability to simply download
itself directly from already infected computers, as soon as you open the
e-mail. Read the full story:

Get the Microsoft patch in question:

Three new Bagle variants (N, O and P) discovered over the weekend differ
from previous incarnations because they use an anti-Spam trick to try and
avoid detection by antivirus software, but experts believe that the attempt
won't succeed, ZDNet UK reports.

The new versions of the worm arrive under the guise of an encrypted Zip
file with a password included in the form of a graphic or picture file, so
a simple text scan of the infected email would not find the password. This
trick is commonly used by Web sites when displaying email addresses to hide
from Web-bots that trawl the Internet looking for potential spam targets. A
senior technology consultant at Sophos told ZDNet UK it is ironic that the
Bagle author is using an anti-spam trick against the "good guys", but said
it won't present a big problem for antivirus companies.

Read the full story:,39020375,39149030,00.htm

A recent surge of Trojans has its collective eyes on your bank account and
personal information, PC Pro reports. 'There's no doubt that we are seeing
an increase in interest amongst the malware writing community in Trojan
horses and hacking into remote computers. It is more and more common today
to find a piece of malware has a "phishing" payload designed to steal
confidential data from the infected computer,' said Graham Cluley, senior
technology consultant at Sophos. The company has issued alerts for five new
Trojans in the last couple of days, with more discovered today. And they
are using an array of methods to entice victims to run them. Bereb-B, for
example, claims to be an X-box emulator that will let you play Xbox games
on your computer. Small-Al captures key presses when the user visits web
sites containing commonly used banks and banking systems in the browser's
title bar. 'It really highlights the need not just for antivirus on the
desktop but also a personal firewall,' concluded Cluley.

End of very long quote, but hope it helps Claybuddies practice safe
Well, just take care...


Janet Kaiser
The Chapel of Art : Capel Celfyddyd
8 Marine Crescent : Criccieth : Wales : UK
Home of The International Potters' Path
Tel: ++44 (01766) 523570

************* Virus Protection by AVG *****************
Make them stop stealing water for their
bottling plant in Southern India!!
"A world in perfect harmony"? So what happened?
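
The newsletter quoted above says the N, O and P variants arrive as an encrypted Zip file with the password shown in a picture, so a text scan of the mail never finds it. As an added example (not part of the original post or the newsletter, and not any vendor's method), here is a mail-gateway heuristic that flags that combination without needing the password; the function names, the verdict strings and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def has_encrypted_entry(data: bytes) -> bool:
    """True if any ZIP entry sets general-purpose flag bit 0 (encrypted)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def triage(raw: bytes) -> str:
    """Heuristic verdict for one raw message: quarantine, review or pass."""
    msg = message_from_bytes(raw, policy=policy.default)
    enc_zip = image = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        # Sniff the ZIP magic instead of trusting the declared MIME type.
        if body.startswith(b"PK\x03\x04") and has_encrypted_entry(body):
            enc_zip = True
        elif part.get_content_maintype() == "image":
            image = True
    if enc_zip and image:
        return "quarantine"   # archive a scanner cannot open + picture
    return "review" if enc_zip else "pass"


def build_sample(encrypted: bool, with_image: bool) -> bytes:
    """Constructed test message; the archive holds harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", b"placeholder")
    z = bytearray(buf.getvalue())
    if encrypted:  # set only the flag bit; the data itself stays plaintext
        z[z.find(b"PK\x03\x04") + 6] |= 1   # local file header flags
        z[z.find(b"PK\x01\x02") + 8] |= 1   # central directory flags
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="a.zip")
    if with_image:
        m.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image", subtype="png", filename="p.png")
    return m.as_bytes()
```

The check reads only the archive's central directory, so it works whether or not the contents can be decrypted; legitimate mail also carries password-protected archives, which is why an encrypted Zip on its own is only sent for review.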