ALARM Group ALERT
Alert Number: 072004-01
Alert Date: 07/20/04
Alert Title: New Variant of Bagle Worm is spreading
Update-to: None
OS/Platform/Application: Microsoft Windows 2000/95/98/ME/NT/XP/Server
Category: ALERT
Severity: HIGH
Attention: Windows System Administrators, Desktop Support Personnel, Email users
Summary: A new variant of the Bagle mass-emailing worm is reported to be spreading across the Internet. This worm requires user intervention to activate it (an email recipient must open a poisoned email attachment). If activated, the worm can disable antivirus and other security programs and will also begin to generate mass email messages from its own SMTP server (in an attempt to compromise any email addresses found on the victim's machine). It will also open up "listening" ports on TCP port 1080 and UDP port 1040.

Recommended Actions: USE CAUTION WITH SUSPICIOUS OR UNSOLICITED EMAIL MESSAGES. Update your anti-virus software signatures on all desktops, laptops and servers as soon as possible.
ITS Actions: ITS Exchange email ANTIGEN definition files were updated to catch this variant at 1:00AM this morning. MIMEDEFANG definitions are presumed to be up-to-date as well. An update will be issued if this situation changes.
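A host can be checked for the two listening ports named in the Summary by filtering saved `netstat -ano` output. The script below is an added example, not part of the original alert or any vendor tool; the sample rows are constructed, and it assumes English-language netstat output.

```python
import sys

# Listener ports named in this alert's Summary.
WATCH = {("TCP", 1080), ("UDP", 1040)}

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       2316
  TCP    10.0.0.5:1080          10.0.0.9:4411          ESTABLISHED     2316
  TCP    10.0.0.5:3120          192.0.2.10:1080        ESTABLISHED     1500
  UDP    0.0.0.0:1040           *:*                                    2316
  UDP    127.0.0.1:1900         *:*                                    1200
"""


def find_listeners(netstat_text, watch=WATCH):
    """Return (proto, local_addr, port, pid) for sockets listening on watched ports."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:1080
        if not port.isdigit() or (proto, int(port)) not in watch:
            continue
        rest = fields[3:]  # [State] [PID]; UDP rows carry no State column
        # Only LISTENING TCP rows count; a remote port of 1080 or an
        # ESTABLISHED session is not a local listener.
        if proto == "TCP" and "LISTENING" not in rest:
            continue
        pid = int(rest[-1]) if rest and rest[-1].isdigit() else None  # None without -o
        hits.append((proto, addr, int(port), pid))
    return hits


if __name__ == "__main__":
    # Usage: netstat -ano > ports.txt, then: python check_ports.py ports.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for proto, addr, port, pid in find_listeners(text):
        print(f"{proto} listener on {addr}:{port} (PID {pid}) - identify the owning process")
```

TCP 1080 is also the registered SOCKS proxy port, so a hit is a lead to confirm against the owning process (the PID column) and an up-to-date antivirus scan, not proof of infection on its own.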
Resources:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ag@mm.html
Symantec Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@mm.removal.tool.html
http://vil.nai.com/vil/content/v_126798.htm
Stinger has been updated to detect and remove the worm:
http://download.nai.com/products/mcafee-avert/stinger.exe
http://www.sophos.com/virusinfo/analyses/w32bagleai.html
http://www.f-secure.com/v-descs/bagle_af.shtml
NOTE: PLEASE DO NOT REPLY TO THIS ALERT. Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire UAlbany computing community, should continue to take all necessary precautions against threats to system security and information integrity.