Educause Security Discussion mailing list archives

SIG Bagle/Beagle


From: "Cam Beasley, ISO" <cam () AUSTIN UTEXAS EDU>
Date: Mon, 19 Jul 2004 22:40:44 -0500

Might be useful to e-mail/IDS administrators.
Note that this does not identify the .ZIP variants:

=================================
wrapped for AVscanner's digestion 
=================================

Bagle.AG-AI (sans .zip variant):
-----------------------------

6OsI6wLNIP8kJJpmvkdG6AEAAACaWY2VKyJA
AOgBAAAAaVhmv01K6OQBAACNUvnoAQAAAOhb

For Snortians:

alert tcp $TACO_NET any -> any 25 (flow:established,from_client; \
content:"Content-Transfer-Encoding|3A|"; \
content:"Content-Disposition|3A| attachment"; distance:1; \
content:"6OsI6wLNIP8kJJpmvkdG6AE"; msg:"Beagle.AG"; \
classtype:trojan-activity; sid:1000184; rev:1;)

~cam.

Cam Beasley CISSP
Sr. InfoSec Analyst 
ITS/Information Security Office
The University of Texas at Austin
cam () mail utexas edu
---------------------------
Report Abuse To:
- abuse () utexas edu
- 512.475.9242
---------------------------
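
For e-mail administrators, the same match can be made at the mail gateway. The Python sketch below is an added example, not part of the original post: it looks for the Snort rule's base64 fragment in each base64-encoded attachment, removing line breaks first (an assumption that goes beyond what the rule does). The sample message, its file names and the verdict labels are constructed.

```python
import email
from email import policy

# Base64 fragment copied from the Snort rule in the post.
BEAGLE_AG_B64 = "6OsI6wLNIP8kJJpmvkdG6AE"

def scan_message(raw: bytes):
    """Return [(filename, verdict)] for every attachment in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() != "attachment":
            continue
        name = part.get_filename() or "<unnamed>"
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte != "base64":
            findings.append((name, "skipped-not-base64"))
            continue
        # Compare against the encoded text as transmitted; drop line breaks so
        # a fragment that straddles a wrapped line is still found.
        encoded = "".join(part.get_payload(decode=False).split())
        if BEAGLE_AG_B64 in encoded:
            findings.append((name, "match"))
        elif name.lower().endswith(".zip"):
            # The post says the signature does not identify the .ZIP variants.
            findings.append((name, "not-covered-zip"))
        else:
            findings.append((name, "no-match"))
    return findings

def _part(filename, *b64_lines):
    # Helper used only to build the constructed sample below.
    return [b"--XX", b"Content-Type: application/octet-stream",
            b"Content-Transfer-Encoding: base64",
            b'Content-Disposition: attachment; filename="' + filename + b'"',
            b"", *b64_lines]

# Constructed sample: the rule's fragment plus one filler "A", split across two
# lines; a harmless text attachment; and a four-byte ZIP-header stub.
SAMPLE = b"\r\n".join(
    [b"From: a@example.test", b"To: b@example.test", b"MIME-Version: 1.0",
     b'Content-Type: multipart/mixed; boundary="XX"', b""]
    + _part(b"sample1.exe", b"6OsI6wLNIP8k", b"JJpmvkdG6AEA")
    + _part(b"notes.txt", b"SGVsbG8gd29ybGQ=")
    + _part(b"archive.zip", b"UEsDBA==")
    + [b"--XX--", b""])

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{name}: {verdict}")
```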
