Educause Security Discussion mailing list archives
SIG Bagle/Beagle
From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Mon, 19 Jul 2004 22:40:44 -0500
Might be useful to e-mail/IDS administrators. Note that this does not identify the .ZIP variants:

=================================
wrapped for AVscanner's digestion
=================================

Bagle.AG-AI (sans .zip variant):
-----------------------------
6OsI6wLNIP8kJJpmvkdG6AEAAACaWY2VKyJA
AOgBAAAAaVhmv01K6OQBAACNUvnoAQAAAOhb

For Snortians:

alert tcp $TACO_NET any -> any 25 (flow:established,from_client; content:"Content-Transfer-Encoding|3A|"; content:"Content-Disposition|3A| attachment"; distance:1; content:"6OsI6wLNIP8kJJpmvkdG6AE"; msg:"Beagle.AG"; classtype:trojan-activity; sid:1000184; rev:1;)

~cam.

Cam Beasley CISSP
Sr. InfoSec Analyst
ITS/Information Security Office
The University of Texas at Austin
cam () mail utexas edu
---------------------------
Report Abuse To:
- abuse () utexas edu
- 512.475.9242
---------------------------

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
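An added example, not part of the original message: the rule's three content tests emulated in Python and run over two constructed MIME parts, showing why the base64 signature fires on a bare attachment but not when the same bytes travel inside a ZIP, as the message notes. The helper names, attachment names and zero padding are assumptions made for the illustration; the flow and port conditions of the rule are not emulated.

```python
import base64
import io
import zipfile

# Content strings copied from the Snort rule in the message (|3A| is ":").
CT_ENC = b"Content-Transfer-Encoding:"
CT_DISP = b"Content-Disposition: attachment"
B64_SIG = b"6OsI6wLNIP8kJJpmvkdG6AE"
# First wrapped line of the base64 signature quoted in the message.
SIG_LINE = b"6OsI6wLNIP8kJJpmvkdG6AEAAACaWY2VKyJA"

def rule_matches(payload: bytes) -> bool:
    """Emulate the rule's content tests on one reassembled SMTP payload."""
    i = payload.find(CT_ENC)
    if i < 0:
        return False
    # distance:1 -> search starts one byte past the end of the previous match.
    # The first CT_ENC hit gives the widest window, so no retry is needed.
    if payload.find(CT_DISP, i + len(CT_ENC) + 1) < 0:
        return False
    # The last content has no distance/within, so it is searched from
    # the start of the payload, independent of the two header matches.
    return B64_SIG in payload

def mime_part(filename: str, data: bytes) -> bytes:
    """Build a constructed base64 attachment part (sample input)."""
    body = base64.encodebytes(data).replace(b"\n", b"\r\n")
    return (b"Content-Type: application/octet-stream\r\n"
            b"Content-Transfer-Encoding: base64\r\n"
            b'Content-Disposition: attachment; filename="'
            + filename.encode() + b'"\r\n\r\n' + body)

def zipped(name: str, data: bytes) -> bytes:
    """Wrap data in an in-memory deflated ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: the 27 bytes the signature line decodes to, plus
# zero padding. This is not a real Bagle binary.
SAMPLE = base64.b64decode(SIG_LINE) + b"\x00" * 64
BARE = mime_part("sample.exe", SAMPLE)
ZIP = mime_part("sample.zip", zipped("sample.exe", SAMPLE))

if __name__ == "__main__":
    print("bare:", rule_matches(BARE), "zip:", rule_matches(ZIP))
```

The ZIP part's base64 body begins with the archive header (`UEsDB...`, the encoding of `PK\x03\x04`), and the deflated data no longer encodes to the signature string, so the third content test fails.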