VIRUS ALERT from TrendMicro

Submitted by Glen Conley on 03/15/2004 at 18:20. ( g.conley@verizon.net ) 67.200.29.165

Dear Trend Micro customer:

As of March 15, 2004 3:55 AM PST TrendLabs has declared a Yellow Alert to control the spread of PE_BAGLE.P.

This virus searches for files with certain extension names, from which it gathers target recipients. Using its own SMTP (Simple Mail Transfer Protocol) engine, it sends out email messages with a spoofed return address to the gathered email addresses and adds itself as an attachment.

This virus also spreads by dropping files in folders that have the text string "shar", for example, C:\Program Files\Kazaa\My Shared Folder. It attempts to prevent the automatic execution of NETSKY variants by deleting certain registry entries.

It has backdoor capabilities. It opens TCP port 2556 and waits for incoming commands from a remote user, who must send specially-crafted data or packets to be able to command this virus.

It also has the ability to terminate certain processes, which are usually related to antivirus and firewall applications.

It runs on Windows 95, 98, ME, NT, 2000 and XP.

TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 94
Official Pattern Release 819
Damage Cleanup Template 290

For more information on PE_BAGLE.P, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BAGLE.P
Please inform us if there are any infection reports in your region.
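
A triage check built on the two host indicators the alert names (the backdoor on TCP port 2556 and drops into folders containing "shar"), as an added example that is not part of the original alert or Trend Micro's tooling. The `netstat -ano` sample is constructed, the function names are hypothetical, and case-insensitive matching of "shar" is an assumption.

```python
import re

BAGLE_P_PORT = 2556  # backdoor port named in the alert

# Constructed sample of Windows `netstat -ano` output (not a real capture).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2556           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:1040      203.0.113.7:2556       ESTABLISHED     2012
  TCP    192.168.1.20:2556      198.51.100.9:4411      ESTABLISHED     1432
  UDP    0.0.0.0:2556           *:*                                    700
"""

def find_port_sockets(netstat_text, port=BAGLE_P_PORT):
    """Return TCP sockets whose LOCAL port is `port`.

    Only the local side matters: the alert says the virus opens the port
    and waits, so an outbound connection to a remote 2556 is not a hit.
    """
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; UDP rows have no State column.
        if len(fields) < 5 or fields[0].upper() != "TCP":
            continue
        _, local, remote, state, pid = fields[:5]
        # rsplit also handles IPv6 forms such as [::]:2556
        if local.rsplit(":", 1)[-1] != str(port):
            continue
        if state in ("LISTENING", "ESTABLISHED"):
            hits.append({"local": local, "remote": remote,
                         "state": state, "pid": int(pid)})
    return hits

def is_share_folder(path):
    """True if any path component contains 'shar' (assumed case-insensitive)."""
    return any("shar" in part.lower() for part in re.split(r"[\\/]", path) if part)

if __name__ == "__main__":
    for hit in find_port_sockets(SAMPLE_NETSTAT):
        print("TCP %d %s: %s <- %s (PID %d)" % (
            BAGLE_P_PORT, hit["state"], hit["local"], hit["remote"], hit["pid"]))
    print(is_share_folder(r"C:\Program Files\Kazaa\My Shared Folder"))
```

A hit only identifies the PID that owns the port; confirm the owning process and file before treating the host as infected.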
