Re: Possibly yet another MS mail worm

[Todd Vierling <tv () duh org>]

On Fri, 27 Feb 2004, Stephen Milton wrote:

: Yes, I got that one too.  To my peering alias by coincidence.  ClamAV
: identifies it as "Worm.Bagle.A2".  ClamAV added it the database today,
: and mentioned that it was not in most signature databases yet.

Yah, "Bagle.C" is the notation used by F-Secure.  This is indeed what it
was.

It's annoying how easily these things spread even though they don't rely on
a specific OS vulnerabililty -- hell, it's an executable *in a zipfile*, so
it requires opening the zipfile and then running the program inside it.  Of
course everyone will run it, even though it's named dygfwefuih.exe (random
characters before .exe).  <grumble>

-- 
-- Todd Vierling <tv () duh org> <tv () pobox com>