RE: New virus: Alua! (Bagle.B)

["Sean Kelly" <sean () itsecurityconsultant com>]

Sophos has also got this but identifies it as Tanx.a

Sean Kelly 
IT Security Consultant
 
2 Tintern Street, Hanley, Stoke on Trent,
Staffordshire. ST1 3QU. England.
 
Email:    sean () itsecurityconsultant com
Website: www.itsecurityconsultant.com
GSM:      (0044) 07792 982593 
 
This message contains confidential information and is intended only for
the individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses. The sender therefore does not accept liability for any
errors or omissions in the contents of this message, which arise as a
result of e-mail transmission. If verification is required please
request a hard-copy version. IT Security Consultant, 2Tintern Street,
Hanley, Stoke on Trent, Staffordshire. ST1 3QU England,
www.itsecurityconsultant.com

-----Original Message-----
From: Seth Hall [mailto:shall () iotaengineering com] 
Sent: 17 February 2004 16:45
To: incidents () securityfocus com
Subject: Re: New virus: Alua! (Bagle.B)

> Anyone got hit by this new virus yet?
>
> Any deep informations about it would be greatly appreciated! Do you
know
> what is the source code of the .php files it tries to execute on the
> websites?

Bitdefender has info on it, but no mention of .php files. From what it
looks
like (found at
http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=193),
it's a
fairly standard exe-in-the-system32-folder, send itself to your address
book
type virus. It does launch Sound Recorder, though.

Seth Hall


------------------------------------------------------------------------
---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
------------------------------------------------------------------------
----



_______________________________________________
Scanned for all known viruses by Bucks Net
in association with NetCleanse.
Please consult http://www.bucks.net/av/ for more information.

Attachment: smime.p7s
Description: