Educause Security Discussion mailing list archives

Virus warning - Bagle.C


From: Jason Richardson <A00JER1 () WPO CSO NIU EDU>
Date: Fri, 27 Feb 2004 18:49:46 -0600

Bagle.C is out and none of the AV vendors have solid signatures for it
yet.  We saw it on our campus before there was any word of it that I am
aware of.  For those of you using McAfee, NAI has a superdat that picks
it up available here:
http://a64.g.akamai.net/7/64/2015/2004-02-20-05/download.nai.com/products/mcafee-avert/101059a.exe
Here's a brief write up:

---
Jason Richardson, J.D., CISSP, CISM, CNE
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu

<technical () cdg-group com> 2/27/2004 6:33:32 PM >>>
Virus Notification
WORM_BAGLE.C
A Service of CDG, Inc.
February 27, 2004

This Bulletin is to inform you of a virus threat that has been classified as a medium
alert virus

Virus Info
Name: WORM_BAGLE.C
Type: Worm
Risk: Medium
Synopsis: This is an early warning notification, not all technical
details and attack vectors have yet been analysed for this worm.  This
malware is compressed in zip format so until further details are
available for the malware we suggest blocking or quarantining zip files.
This memory-resident worm propagates by mass-mailing copies of itself
using SMTP (Simple Mail Transfer Protocol).

The email message it sends out contains the following details:
Sample:
Subject: price-;ist
From: %random%
Attachment: ddcbcdbd.zip
This malware runs on Windows 95, 98, ME, NT, 2000 and XP.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
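
One way to implement the bulletin's interim suggestion of blocking or quarantining zip files at a mail gateway, as an added example that is not part of the original message or the CDG bulletin. It assumes the filter receives the raw message bytes; the function names and the sample message are constructed for illustration, and the check also matches on ZIP magic bytes so an archive with a changed name or declared type is still flagged.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# ZIP local-file-header and empty-archive signatures
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}


def zip_parts(raw: bytes):
    """Return (filename, reasons) for each MIME part that looks like a ZIP."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(".zip"):
            reasons.append("extension")
        if part.get_content_type() in ZIP_TYPES:
            reasons.append("content-type")
        if payload.startswith(ZIP_MAGIC):
            reasons.append("magic")
        if reasons:
            hits.append((name, reasons))
    return hits


def should_quarantine(raw: bytes) -> bool:
    """Quarantine decision: any ZIP-like part holds the whole message."""
    return bool(zip_parts(raw))


def build_sample(filename: str, maintype: str, subtype: str) -> bytes:
    """Constructed test message with a harmless one-file ZIP attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample, not malware")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype=maintype,
                       subtype=subtype, filename=filename)
    return msg.as_bytes()
```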
