La Taberna del Puerto

[Roger Rabbit]

Nos notifican que ha sido detectada una version del virus Bagle (Bagle.ay), que esta ocasionando los primeros outbreaks en Internet y se propaga por Email, adjunto el aviso que hemos recibido esta mañana.

Bagle.ay spreads via the Internet as an attachment to infected email messages. The worm itself is a Windows executable file of 19KB. It is attached to messages which come with one of the following subjects: "Delivery service mail", "Delivery by mail", "Registration is accepted", "Is delivered mail", "You are made active". The message itself will read either "Thanks for use of our software" or "Before use read the help". The attachment name is chosen from the following: 'wsd01, viupd02, siupd02, guupd02, zupd02, upd02, Jol03'

The worm is activated when a user opens the attachment - this will launch the infected file. The worm then copies itself to the Windows system directory, and registers this file in the system registry. Bagle.ay will also terminate processes which protect the victim machine and the local subnetwork. This leaves the infected machine vulnerable to further attacks by malicious code.

Bagle.ay uses a standard propagation routine to spread. It scans the victim machine's file system to harvest email addresses, and then sends itself to these addresses. However, it does not send itself to addresses which appear to be connected with the antivirus industry or major software developers. This explains why antivirus companies have received relatively few samples of this new version of Bagle. The worm connects directly to SMTP servers to send infected messages.

In order to spread more widely, the worm also propagates via P2P networks and shared network resources. It searches for directories which contain 'shar' in their names. Bagle.ay will then place itself in these files under names which are similar to those of popular applications and utilities

Cuidadito y a actualizar todo el mundo las firmas del Antivirus y las actualizaciones de seguridad.

Rog
_________________
"... y a la voz de: A por ellos, que son pocos y cobardes!!, se abalanzaron sobre el que suscribe..."
visita mi madriguera en http://rograbbit.wordpress.com

[rom]

Gracias por el aviso Roger.

rom

[darty]

Por cierto... los que tengais el Norton.. actualizarlo que ya lo detecta. A mi me entró esta mañana... con eso del mensaje de mail delivery piqué.. pero el norton lo pilló.

Saludos y suerte.
_________________
"Un hombre es lo que hace, lo que escoge, las cosas que consigue crear, los sueños que consigue realizar. "

darty@latabernadelpuerto.com

[Mesana]

Mucho cuidadin con otro que ya anda circulando por ahi y que se cepilla directamente el sector 0 pista 0 del disco duro, con lo cual queda para tirar a la basura.

Llega un emilio con el texto "A card for you", como lo abras (simplemente abrirlo) el pc se "atasca", solo puedes vover a arrancarlo con ctrl+alt+sup, pero en realidad ya nunca mas vuelve a hacerlo. El disco duro ha quedado como papilla y se acabo.

McAfee no puede aun eliminarlo, solo detectarlo.

Mucho cuidadin.
_________________
¿Arriar algo dices?, justamente estaba pensando izar la sobrejuanete