New Bagle Downloader spreading like wildfire via email
May 31 2005
45,769 copies intercepted in last hour
31 May 2005, 5pm BST – MessageLabs is warning computer users to be on their guard against a new variant of the Bagle downloader which appears to have originated from an address purporting to be within Yahoo! Groups. MessageLabs has intercepted almost 70,000 copies already; the first copy was stopped today at 13:24 GMT (14:24 BST).
In the last hour alone (3-4pm BST), 45,769 copies have been stopped.
How it works
This most recent Bagle downloader variant drops a trojan that attempts to download itself from a vast list of locations. Computer users who are tricked into opening the attached file activate the virus, which harvests the email addresses it finds on the hard drive. The virus then forwards itself to the addresses it has discovered on the infected computer.
Subject lines: <Empty>
Body Text: <Empty>
Once activated, the Bagle downloader variant drops a copy of an executable file onto infected computers, which in turn polls a vast list of URLs for the availability of a new mass-mailing component.
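The message profile given above (empty subject, empty body, a file attached) can be expressed as a mail-filter triage check. The following Python code is an added example, not MessageLabs code and not part of the original advisory; the function names, the boundary string and the sample messages are constructed for illustration.

```python
from email import message_from_string, policy

def text_body_is_empty(msg):
    """True when there is no text body, or it holds only whitespace."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return body is None or body.get_content().strip() == ""

def matches_profile(raw_message):
    """Return (hit, attachment_names) for one raw RFC 5322 message.

    hit is True only when the subject is empty, the text body is empty
    and at least one attachment is present.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    names = [p.get_filename() or "<unnamed>" for p in msg.iter_attachments()]
    hit = subject == "" and text_body_is_empty(msg) and bool(names)
    return hit, names

def build_sample(subject, body, attach=True):
    """Constructed test message; the attachment is four inert zero bytes."""
    attachment = (
        "--b1\nContent-Type: application/octet-stream\n"
        'Content-Disposition: attachment; filename="sample.bin"\n'
        "Content-Transfer-Encoding: base64\n\nAAAAAA==\n"
    )
    return (
        f"Subject: {subject}\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        f"--b1\nContent-Type: text/plain\n\n{body}\n"
        + (attachment if attach else "")
        + "--b1--\n"
    )

if __name__ == "__main__":
    samples = {
        "empty subject and body, attachment": build_sample("", ""),
        "subject present": build_sample("Minutes", ""),
        "body present": build_sample("", "see attached"),
        "no attachment": build_sample("", "", attach=False),
    }
    for label, raw in samples.items():
        print(label, "->", matches_profile(raw))
```

Empty subjects and bodies also occur in legitimate mail, so a hit is a reason to scan or hold the attachment, not a verdict on its own.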
MessageLabs detected this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.
For further information, please visit the MessageLabs website at:
A security update for the Firefox open-source browser has been released by the Mozilla Foundation, a move that follows the public disclosure of exploit code for two "extremely critical" vulnerabilities.
Windows Security Update Summary for May 2005
Published: May 10, 2005
Security Bulletin MS05-024
Maximum severity: Important
Update number: 894320
Supported software affected:
• Windows 2000 Service Pack 3 (SP3) and SP4
Technical bulletin: Vulnerability in Web View Could Allow Remote Code Execution (894320)