Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - New Mass Mailing Virus InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Mass Mailing Virus

Published: 2004-02-17
Last Updated: 2004-02-18 14:50:49 UTC
by Deborah Hale (Version: 1)
0 comment(s)

New Mass Mailing Virus

A new mass mailing virus is spreading around the Internet today. Most of the Anti-Virus vendors are calling it Bagle.B. This virus harvests email addresses from infected computers and uses those addresses as the To: address while spoofing the From: address. The primary characteristics of the emails it sends are as follows:

* Subject: ID <random characters>... thanks

* Body:

* Yours ID <random characters>

* - -

* Thank

* Attachment: <random characters>.exe

If the attachment is opened, it will create a backdoor on tcp port 8866 and
will search 4 websites for email addresses to announce the IP address of
the infected computer to would-be hackers. Afterwards the infected
computer will start mass-mailing the virus laden emails to any email
addresses it finds on the infected computer.

Verify that your Anti-Virus software is up to date, and continue to practice safe computing practices. If you were not expecting the attachment don't touch it.

For more technical details please check the following websites.

Symantec -

McAfee -

Sophos -

(or your favorite Anti-Virus Vendor's website)

Thanks to Scott Fendley for the use of this information.

New worms and viruses

Today has been a busy day for SysAdmin's. There has been an explosion of new worms and malware seen today. It is important for everyone to use extreme care for the next few days as this activity shakes out.

50% Increase in Email Fraud and Phishing in January

According to an article at, " E-mail fraud and phishing scams grew by more than 50% in January, with an average of 5.7 new, unique attacks sent out to millions of consumers each day." Check out the article at

Handler on Duty

Deb Hale
0 comment(s)
Diary Archives