Another new modification of the Bagle worm, Bagle.ay, has been detected. This new variant is spreading rapidly and has already caused a serious outbreak.
Bagle.ay spreads via the Internet as an attachment to infected email messages. The worm itself is a Windows executable file of 19KB. It is attached to messages carrying one of the following subjects: "Delivery service mail", "Delivery by mail", "Registration is accepted", "Is delivered mail", "You are made active". The message body reads either "Thanks for use of our software" or "Before use read the help". The attachment name is chosen from the following: 'wsd01', 'viupd02', 'siupd02', 'guupd02', 'zupd02', 'upd02', 'Jol03'.
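As an added example that is not part of the original advisory, the following Python mail-gateway triage routine matches the subject, body and attachment-name indicators listed above against incoming messages. The sample messages it checks are constructed here for illustration, and the quarantine rule (lure text plus a listed attachment name) is this example's own choice, made to avoid flagging ordinary courier mail that happens to reuse a subject line.

```python
"""Triage incoming mail against the Bagle.ay lure indicators quoted in the advisory."""
import email
from email import policy
from email.message import EmailMessage

# Indicators exactly as the advisory lists them (compared case-insensitively).
SUBJECTS = {s.lower() for s in (
    "Delivery service mail", "Delivery by mail", "Registration is accepted",
    "Is delivered mail", "You are made active")}
BODIES = {b.lower() for b in ("Thanks for use of our software", "Before use read the help")}
ATTACH_NAMES = {"wsd01", "viupd02", "siupd02", "guupd02", "zupd02", "upd02", "jol03"}


def bagle_ay_indicators(raw: bytes) -> list:
    """Return the indicator names matched by one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() in BODIES:
        hits.append("body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        base = name.rsplit(".", 1)[0].lower()  # compare the base name, extension aside
        if base in ATTACH_NAMES:
            hits.append("attachment:" + name)
    return hits


def should_quarantine(raw: bytes) -> bool:
    """Quarantine only when a listed attachment name accompanies the lure subject or body."""
    hits = bagle_ay_indicators(raw)
    has_attachment = any(h.startswith("attachment:") for h in hits)
    return has_attachment and ("subject" in hits or "body" in hits)


def build_sample(subject: str, body: str, attach_name: str) -> bytes:
    """Construct a multipart test message (a constructed sample, not a real capture)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"MZ" + b"\0" * 16, maintype="application",
                     subtype="octet-stream", filename=attach_name)
    return m.as_bytes()


SAMPLE_SUSPECT = build_sample("Delivery by mail", "Before use read the help", "upd02.exe")
SAMPLE_BENIGN = build_sample("Delivery by mail", "Your parcel has shipped.", "invoice.pdf")
```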
The worm is activated when a user opens the attachment, which launches the infected file. The worm then copies itself to the Windows system directory and registers this file in the system registry. Bagle.ay also terminates processes which protect the victim machine and the local subnetwork, leaving the infected machine vulnerable to further attacks by malicious code.
Bagle.ay uses a standard propagation routine to spread. It scans the victim machine's file system to harvest email addresses, and then sends itself to these addresses. However, it does not send itself to addresses which appear to be connected with the antivirus industry or major software developers. This explains why antivirus companies have received relatively few samples of this new version of Bagle. The worm connects directly to SMTP servers to send infected messages.
In order to spread more widely, the worm also propagates via P2P networks and shared network resources. It searches for directories whose names contain 'shar'. Bagle.ay then places copies of itself in these directories under names similar to those of popular applications and utilities.
Detection for Bagle.ay has already been added to Corpex's anti-virus databases. Users are advised to ensure that their PCs have updated antivirus programs, to minimise the risk of attack and halt the spread of this new worm.
Corpex recommends that home computer users as well as companies protect their computers with a consolidated solution to thwart virus and spam threats, and secure their desktops and servers with updated anti-virus and anti-spam protection such as Armour Plate.
Source: Kaspersky Labs