[68034] in North American Network Operators' Group
Re: Possibly yet another MS mail worm
daemon@ATHENA.MIT.EDU (Todd Vierling)
Sat Feb 28 15:59:52 2004
Date: Sat, 28 Feb 2004 15:59:11 -0500 (EST)
From: Todd Vierling <tv@duh.org>
To: nanog@merit.edu
In-Reply-To: <20040228064242.GA14531@isomedia.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 27 Feb 2004, Stephen Milton wrote:
: Yes, I got that one too. To my peering alias by coincidence. ClamAV
: identifies it as "Worm.Bagle.A2". ClamAV added it the database today,
: and mentioned that it was not in most signature databases yet.
Yah, "Bagle.C" is the notation used by F-Secure. This is indeed what it
was.
It's annoying how easily these things spread even though they don't rely on
a specific OS vulnerabililty -- hell, it's an executable *in a zipfile*, so
it requires opening the zipfile and then running the program inside it. Of
course everyone will run it, even though it's named dygfwefuih.exe (random
characters before .exe). <grumble>
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com>
