New Worm threat...

I just received this e-mail on my global company’s account from Trend Micro (my company uses that antivirus to protect their servers):

-----Original Message----- From: Trend Micro Newsletters Editor [mailto:newsletters@trendmicro.rsc03.com] Sent: Mon 05/07/2004 8:55 AM To: CANACOMP Cc: Subject: Spam: Trend Micro Medium Risk Virus Alert - WORM_BAGLE.AD

Dear Trend Micro customer,

As of 2:40 AM July 5, 2004 (GMT -07:00; Daylight Savings Time), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AD. TrendLabs has received several infection reports indicating that this worm is spreading in Japan, Korea, and Taiwan.

This worm is known to spread via email using its own Simple Mail Transfer Protocol (SMTP) engine. It also spreads via network shares. It drops copies of itself as the following files in the Windows system folder:

    loader_name.exe
    loader_name.exeopen
    loader_name.exeopenopen

Its email arrives with any of the following lines as subject:

    Re: Msg reply
    Re: Hello
    Re: Yahoo!
    Re: Thank you!
    Re: Thanks :_)
    RE: Text message
    Re: Document
    Incoming message
    Re: Incoming Message
    RE: Incoming Msg
    RE: Message Notify
    Notification
    Changes..
    Update
    Fax Message
    Protected message
    RE: Protected message
    Forum notify
    Site changes
    Re: Hi
    Encrypted document

TrendLabs will be releasing the following EPS deliverables:

    TMCM Outbreak Prevention Policy 118
    0fficial Pattern Release 927 - released 3:15 AM July 5, 2004
    Damage Cleanup Template 367
    NVW pattern 10130

For more information on WORM_BAGLE.AD, you can visit our Web site at:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AD

You can modify subscription settings for Trend Micro newsletters at:

http://www.trendmicro.com/subscriptions/default.asp

----------------------------------------------o0o----
CRITICAL PRODUCT UPDATE!
New Pattern File Numbering Format upgrade for Trend Micro products is REQUIRED by July 2004. Click http://www.trendmicro.com/npf for details!


This message was sent by Trend Micro’s Newsletters Editor using Responsys Interact ™.

To unsubscribe from Trend Micro’s Newsletters Editor:
http://trendnewsletter.rsc03.net/servlet/optout?mgLDWTWDUEOpJmhkFJHgHJhtiDJhtE0

To update your subscription preference, or to change your email address:

http://trendnewsletter.rsc03.net/servlet/website/PersonalizedForm?mgLEwkLMLkLgJL9LgmLk.40hktELtHpsEOpJmhkFJHgHJhtiDJhtEhE3vyf_87.3de.26_7.2e_z18z

To view our permission marketing policy:
http://www.rsvp0.net

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

Cheers !

Bagle aka Beagle, looks like this is just a new variant of it.

Yes, I’m not sure, but you can see the date when they alarmed my company (Mon 05/07/2004 8:55 AM)…

I just want to be sure that Alwil are informed about that…

Artras, See this thread:

http://forum.avast.com/index.php?board=9;action=display;threadid=5685;start=60

Searh for my reply #66. You’ll find your national flag, so you can put it in your signature…

Check that thread also for instructions on how to put it in your signature, in case you don’t know… (reply #61)

Sasha

Avast has not a update yet ???Why not

Only for the Win32:Beagle-AC variant

How do you know ?
Trend list’s aliases for its “AD”-Variant with suffix/letters ranging from
.AA to .BA

so probably, avast just counts differently and Trend’s “Bagle.AD” is included as “Beagle-AC” or “Beagle-AB”, especially if you look at the date of the VPS (07-07)…

For extensive discussions about differences in virus/variants naming conventions:
→ Please use the board-search ;D ;D :wink:

Okey:-)