Bagle blitz unleashed

Discussion in 'Computer Security' started by Imhotep, Sep 24, 2005.

  1. Imhotep

    Imhotep Guest

    "Hackers have spammed out multiple new variants of the Bagle Trojan to
    millions of email addresses this week. The attacks came in two waves on
    Monday and Tuesday and forced many anti-virus firms to issue multiple
    signature updates over a greatly compressed period."

    http://www.securityfocus.com/news/11325

    Imhotep
     
    Imhotep, Sep 24, 2005
    #1

  2. Imhotep

    Jim Watt Guest

    On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
    wrote:

    >"Hackers have spammed out multiple new variants of the Bagle Trojan to
    >millions of email addresses this week. The attacks came in two waves on
    >Monday and Tuesday and forced many anti-virus firms to issue multiple
    >signature updates over a greatly compressed period.'
    >
    >http://www.securityfocus.com/news/11325


    I believe you remove ALL executable attachments from email
    rather than scanning them for malware.

    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Sep 24, 2005
    #2

  3. "Jim Watt" <_way> wrote in message
    news:...
    > On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
    > wrote:
    >
    > >"Hackers have spammed out multiple new variants of the Bagle Trojan to
    > >millions of email addresses this week. The attacks came in two waves on
    > >Monday and Tuesday and forced many anti-virus firms to issue multiple
    > >signature updates over a greatly compressed period.'
    > >
    > >http://www.securityfocus.com/news/11325

    >
    > I believe you remove ALL executable attachments from email
    > rather than scanning them for malware.


    If they're the ones I /think/ they are, then they're packaged as ZIPs.

    I've been seeing a fairly constant stream (one or two a day). No peaks.

    Couldn't find the original story at El Reg (they usually attribute), but I
    did find something interesting:

    http://www.theregister.co.uk/2005/09/21/linux_firefox_security_bug/

    Fairly standard "arbitrary command" vuln.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Sep 24, 2005
    #3
  4. Imhotep

    Art Guest

    On Sat, 24 Sep 2005 10:47:30 +0200, Jim Watt <_way>
    wrote:

    >On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
    >wrote:
    >
    >>"Hackers have spammed out multiple new variants of the Bagle Trojan to
    >>millions of email addresses this week. The attacks came in two waves on
    >>Monday and Tuesday and forced many anti-virus firms to issue multiple
    >>signature updates over a greatly compressed period.'
    >>
    >>http://www.securityfocus.com/news/11325

    >
    >I believe you remove ALL executable attachments from email
    >rather than scanning them for malware.


    The best advice to average users is to delete all unsolicited email
    attackments. There are various ways of hiding actual file extensions.
    Some malware comes as:

    purtygurl.jpg .exe

    for one example where spaces are used to hide the .exe extension.

    Another trick is to use the scrap file extension .SHS which Windows
    hides:

    purtygurl.jpg.shs

    appears in Windows as:

    purtygurl.jpg

    and the actual scrap file _is_ executable. The same can be done
    with .SHB files.

    Perhaps the most powerful piece of social engineering of late has
    been the malware with a message seeming to come from your ISP
    containing an attackment which you are encouraged to open. The
    variations on this theme are amazingly real looking, and it's no
    wonder average users will unzip and open and Run the attackment.

    Art

    http://home.epix.net/~artnpeg
     
    Art, Sep 24, 2005
    #4
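
    Added example (not part of the thread): a mail-gateway style check for the file-name tricks described in post #4, also applied to member names inside ZIP attachments as mentioned in post #3. The extension lists and the function names are assumptions chosen for illustration, and the sample archive is constructed with harmless bytes.

```python
import io
import re
import zipfile

# Illustrative subset of extensions Windows will execute (assumption, extend locally).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "cpl", "shs", "shb"}
# Extensions the thread says Windows hides from the displayed name.
HIDDEN_EXTS = {"shs", "shb"}

def name_findings(filename):
    """Return reasons to block an attachment, judged by its file name alone."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as x.exe.
    stem, dot, ext = base.rstrip(" .").rpartition(".")
    ext = ext.lower()
    if not dot or ext not in EXECUTABLE_EXTS:
        return []
    findings = [f"executable extension .{ext}"]
    if ext in HIDDEN_EXTS:
        findings.append("extension hidden by Windows")
    if stem != stem.rstrip():
        findings.append("whitespace padding before extension")
    decoy = re.search(r"\.([A-Za-z0-9]{2,4})$", stem.rstrip())
    if decoy:
        findings.append(f"decoy extension .{decoy.group(1).lower()}")
    return findings

def attachment_findings(filename, data):
    """Check the attachment name and, for ZIP archives, every member name."""
    findings = name_findings(filename)
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # content encrypted, names still readable
                        findings.append(f"{info.filename}: encrypted member")
                    findings += [f"{info.filename}: {f}" for f in name_findings(info.filename)]
        except zipfile.BadZipFile:
            findings.append("malformed ZIP archive")
    return findings

def build_sample_zip():
    """Constructed sample: harmless bytes under a padded double-extension name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("purtygurl.jpg          .exe", b"constructed placeholder, not a program")
        zf.writestr("readme.txt", b"constructed text")
    return buf.getvalue()

if __name__ == "__main__":
    for name in ("purtygurl.jpg .exe", "purtygurl.jpg.shs", "holiday.jpg"):
        print(repr(name), name_findings(name))
    print(attachment_findings("prices.zip", build_sample_zip()))
```

    Any non-empty result is a reason to strip or quarantine the attachment; an empty result only means the name looks ordinary, not that the content is safe.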
  5. Imhotep

    Imhotep Guest

    Jim Watt wrote:

    > On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
    > wrote:
    >
    >>"Hackers have spammed out multiple new variants of the Bagle Trojan to
    >>millions of email addresses this week. The attacks came in two waves on
    >>Monday and Tuesday and forced many anti-virus firms to issue multiple
    >>signature updates over a greatly compressed period.'
    >>
    >>http://www.securityfocus.com/news/11325

    >
    > I believe you remove ALL executable attachments from email
    > rather than scanning them for malware.
    >
    > --
    > Jim Watt
    > http://www.gibnet.com


    I do (in a corporate environment), it just makes sense...I guess it is
    people at home that may not have that option....

    Imhotep
     
    Imhotep, Sep 24, 2005
    #5
  6. Imhotep

    Jim Watt Guest

    On Sat, 24 Sep 2005 13:15:30 GMT, "Hairy One Kenobi"
    <abuse@[127.0.0.1]> wrote:

    >
    >"Jim Watt" <_way> wrote in message
    >news:...
    >> On Sat, 24 Sep 2005 01:14:45 -0400, Imhotep <>
    >> wrote:
    >>
    >> >"Hackers have spammed out multiple new variants of the Bagle Trojan to
    >> >millions of email addresses this week. The attacks came in two waves on
    >> >Monday and Tuesday and forced many anti-virus firms to issue multiple
    >> >signature updates over a greatly compressed period.'
    >> >
    >> >http://www.securityfocus.com/news/11325

    >>
    >> I believe you remove ALL executable attachments from email
    >> rather than scanning them for malware.

    >
    >If they're the ones I /think/ they are, then they're packaged as ZIPs.


    I filter them too and receive them by appointment only :)

    Although zips were a godsend in the days of BBS's they are
    past their best-by date today. Most of the files I want to receive
    are already compressed anyway.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Sep 24, 2005
    #6
  7. Imhotep

    Jim Watt Guest

    On Sat, 24 Sep 2005 16:16:14 GMT, Art <> wrote:

    >Perhaps the most powerful piece of social engineering of late has
    >been the malware with a message seeming to come from your ISP
    >containing an attackment which you are encouraged to open. The
    >variations on this theme are amazingly real looking, and it's no
    >wonder average users will unzip and open and Run the attackment.


    Yeah I got one from 'the support team' at my domain.

    I got a really neat message from an Ebay user with an address to
    complain about anything suspicious, the complaint site of course
    required one to sign in with a username and password ...

    Not phishy of course
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Sep 24, 2005
    #7
  8. From: "Imhotep" <>

    | "Hackers have spammed out multiple new variants of the Bagle Trojan to
    | millions of email addresses this week. The attacks came in two waves on
    | Monday and Tuesday and forced many anti-virus firms to issue multiple
    | signature updates over a greatly compressed period.'
    |
    | http://www.securityfocus.com/news/11325
    |
    | Imhotep

    I'll take my Bagle with cream cheese with a side of blintzes ;-)

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 24, 2005
    #8
  9. Imhotep

    Imhotep Guest

    David H. Lipman wrote:

    > From: "Imhotep" <>
    >
    > | "Hackers have spammed out multiple new variants of the Bagle Trojan to
    > | millions of email addresses this week. The attacks came in two waves on
    > | Monday and Tuesday and forced many anti-virus firms to issue multiple
    > | signature updates over a greatly compressed period.'
    > |
    > | http://www.securityfocus.com/news/11325
    > |
    > | Imhotep
    >
    > I'll take my Bagle with cream cheese with a side of blintzes ;-)
    >


    ummmmm blintzes.....
     
    Imhotep, Sep 25, 2005
    #9
