Bagle blitz unleashed

 
 
Imhotep
 
      09-24-2005
"Hackers have spammed out multiple new variants of the Bagle Trojan to
millions of email addresses this week. The attacks came in two waves on
Monday and Tuesday and forced many anti-virus firms to issue multiple
signature updates over a greatly compressed period."

http://www.securityfocus.com/news/11325

Imhotep
 
Jim Watt
 
      09-24-2005
On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
wrote:

>"Hackers have spammed out multiple new variants of the Bagle Trojan to
>millions of email addresses this week. The attacks came in two waves on
>Monday and Tuesday and forced many anti-virus firms to issue multiple
>signature updates over a greatly compressed period.'
>
>http://www.securityfocus.com/news/11325


I believe you remove ALL executable attachments from email
rather than scanning them for malware.

--
Jim Watt
http://www.gibnet.com
 
Hairy One Kenobi
 
      09-24-2005

"Jim Watt" <_way> wrote in message
news:...
> On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
> wrote:
>
> >"Hackers have spammed out multiple new variants of the Bagle Trojan to
> >millions of email addresses this week. The attacks came in two waves on
> >Monday and Tuesday and forced many anti-virus firms to issue multiple
> >signature updates over a greatly compressed period.'
> >
> >http://www.securityfocus.com/news/11325

>
> I believe you remove ALL executable attachments from email
> rather than scanning them for malware.


If they're the ones I /think/ they are, then they're packaged as ZIPs.

I've been seeing a fairly constant stream (one or two a day). No peaks.

Couldn't find the original story at El Reg (they usually attribute), but I
did find something interesting:

http://www.theregister.co.uk/2005/09..._security_bug/

Fairly standard "arbitrary command" vuln.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 
 
Art
 
      09-24-2005
On Sat, 24 Sep 2005 10:47:30 +0200, Jim Watt <_way>
wrote:

>On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
>wrote:
>
>>"Hackers have spammed out multiple new variants of the Bagle Trojan to
>>millions of email addresses this week. The attacks came in two waves on
>>Monday and Tuesday and forced many anti-virus firms to issue multiple
>>signature updates over a greatly compressed period.'
>>
>>http://www.securityfocus.com/news/11325

>
>I believe you remove ALL executable attachments from email
>rather than scanning them for malware.


The best advice to average users is to delete all unsolicited email
attackments. There are various ways of hiding actual file extensions.
Some malware comes as:

purtygurl.jpg .exe

for one example where spaces are used to hide the .exe extension.

Another trick is to use the scrap file extension .SHS which Windows
hides:

purtygurl.jpg.shs

appears in Windows as:

purtygurl.jpg

and the actual scrap file _is_ executable. The same can be done
with .SHB files.

Perhaps the most powerful piece of social engineering of late has
been the malware with a message seeming to come from your ISP
containing a attackment which you are encouraged to open. The
variations on this theme are amazingly real looking, and it's no
wonder average users will unzip and open and Run the attackment.

Art

http://home.epix.net/~artnpeg
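
Added example, not part of Art's post or of the thread: a mail-filter check for the filename tricks described above (space padding before `.exe`, a trailing `.shs`/`.shb` that Windows hides), which also looks at member names inside ZIP attachments. The extension lists, function names and sample data are assumptions made for illustration.

```python
import io
import re
import zipfile

# Illustrative lists, not exhaustive; .shs/.shb are the scrap types named in the post.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".cpl", ".vbs"}
HIDDEN_BY_WINDOWS = {".shs", ".shb"}
DECOY = {".jpg", ".gif", ".txt", ".doc", ".pdf"}

def check_name(name):
    """Return the reasons a single attachment filename should be blocked."""
    reasons = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Split off the final extension, tolerating whitespace padding before the dot.
    m = re.match(r"^(.*?)(\s*)(\.[^.\s]+)\s*$", base)
    if not m:
        return reasons
    stem, padding, ext = m.group(1), m.group(2), m.group(3).lower()
    risky = EXECUTABLE | HIDDEN_BY_WINDOWS
    if ext in risky:
        reasons.append("executable type " + ext)
    if ext in HIDDEN_BY_WINDOWS:
        reasons.append("extension hidden by Windows")
    if padding and ext in risky:
        reasons.append("whitespace padding before extension")
    inner = re.search(r"(\.[^.\s]+)$", stem)
    if reasons and inner and inner.group(1).lower() in DECOY:
        reasons.append("decoy extension " + inner.group(1).lower())
    return reasons

def check_attachment(filename, data):
    """Check the attachment name and, for ZIPs, every member name inside."""
    findings = {filename: check_name(filename)}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                findings[filename + "!" + member] = check_name(member)
    return {k: v for k, v in findings.items() if v}

def sample_zip():
    """Constructed sample: a ZIP whose member uses the space-padding trick."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("purtygurl.jpg      .exe", b"constructed placeholder bytes")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()
```

`check_attachment("photos.zip", sample_zip())` reports only the padded `.exe` member; a plain `holiday.jpg` produces no findings.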
 
 
Imhotep
 
      09-24-2005
Jim Watt wrote:

> On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
> wrote:
>
>>"Hackers have spammed out multiple new variants of the Bagle Trojan to
>>millions of email addresses this week. The attacks came in two waves on
>>Monday and Tuesday and forced many anti-virus firms to issue multiple
>>signature updates over a greatly compressed period.'
>>
>>http://www.securityfocus.com/news/11325

>
> I believe you remove ALL executable attachments from email
> rather than scanning them for malware.
>
> --
> Jim Watt
> http://www.gibnet.com


I do (in a corporate environment), it just makes sense...I guess it is
people at home that may not have that option....

Imhotep
 
 
Jim Watt
 
      09-24-2005
On Sat, 24 Sep 2005 13:15:30 GMT, "Hairy One Kenobi"
<abuse@[127.0.0.1]> wrote:

>
>"Jim Watt" <_way> wrote in message
>news:.. .
>> On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
>> wrote:
>>
>> >"Hackers have spammed out multiple new variants of the Bagle Trojan to
>> >millions of email addresses this week. The attacks came in two waves on
>> >Monday and Tuesday and forced many anti-virus firms to issue multiple
>> >signature updates over a greatly compressed period.'
>> >
>> >http://www.securityfocus.com/news/11325

>>
>> I believe you remove ALL executable attachments from email
>> rather than scanning them for malware.

>
>If they're the ones I /think/ they are, then they're packaged as ZIPs.


I filter them too and receive them by appointment only

Although zips were a godsend in the days of BBS's they are
past their best-by date today. Most of the files I want to receive
are already compressed anyway.
--
Jim Watt
http://www.gibnet.com
 
 
Jim Watt
 
      09-24-2005
On Sat, 24 Sep 2005 16:16:14 GMT, Art <> wrote:

>Perhaps the most powerful piece of social engineering of late has
>been the malware with a message seeming to come from your ISP
>containing a attackment which you are encouraged to open. The
>variations on this theme are amazingly real looking, and it's no
>wonder average users will unzip and open and Run the attackment.


Yeah I got one from 'the support team' at my domain.

I got a really neat message from an Ebay user with an address to
complain about anything suspicious, the complaint site of course
required one to sign in with a username and password ...

Not phishy of course
--
Jim Watt
http://www.gibnet.com
 
 
David H. Lipman
 
      09-24-2005
From: "Imhotep" <>

| "Hackers have spammed out multiple new variants of the Bagle Trojan to
| millions of email addresses this week. The attacks came in two waves on
| Monday and Tuesday and forced many anti-virus firms to issue multiple
| signature updates over a greatly compressed period.'
|
| http://www.securityfocus.com/news/11325
|
| Imhotep

I'll take my Bagle with cream cheese with a side of blintzes

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
 
Imhotep
 
      09-25-2005
David H. Lipman wrote:

> From: "Imhotep" <>
>
> | "Hackers have spammed out multiple new variants of the Bagle Trojan to
> | millions of email addresses this week. The attacks came in two waves on
> | Monday and Tuesday and forced many anti-virus firms to issue multiple
> | signature updates over a greatly compressed period.'
> |
> | http://www.securityfocus.com/news/11325
> |
> | Imhotep
>
> I'll take my Bagle with cream cheese with a side of blintzes
>


ummmmm blintzes.....
 