Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Beagle on the war path

Published: 2005-12-15
Last Updated: 2005-12-15 23:15:38 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)
A new Beagle/Bagle variant is making the rounds. It comes in an almost empty email, as a ZIP attachment containing the worm as an EXE. The attachment name, email subject and sole text content of the email all seem to be male or female names. Keep your eyes peeled, especially if your users are reading their mail over webmail, as it seems to take another couple of hours until the AV vendors have their patterns lined up.

Update 23:10 UTC:  It took most of the AV vendors their sweet time to get the patterns out for this one. Now things slowly start to look a bit more cheerful, though we know of at least one vendor where the Beagle/Bagle attachment still sails right through the filter, even though the vendor website claims that protection is in the current pattern. If you are not yet anyway already blocking all .exe (and .exe within .zip) on your email gateway, days like today should maybe make you reconsider.

0 comment(s)
Diary Archives