Summary:  Another variant of the Bagle mass-emailing worm is reported to be spreading across the Internet. The worm is propagated via email (an email recipient must open a poisoned email attachment). as well as popular Peer to Peer (P2P) file-sharing applications. If activated, the worm will begin to generate mass email messages from its own SMTP server (in an attempt to compromise any email addresses found on the victim's machine). It will also open up a "listening" port on TCP/UDP port 80.

Recommended Actions:  As always, USE CAUTION WITH SUSPICIOUS OR UNSOLICITED EMAIL MESSAGES. Update your anti-virus software signatures on all desktops, laptops and servers as soon as possible.

ITS-Wide Actions:  Recently-updated ITS email ANTIGEN and CLAMAV definition files should catch and defeat infected email messages (but there is always a possibility that some instances of the worm might have slipped through). Certain off-campus IP addresses/URLs (known to host files associated with this exploit) have been blocked to minimize the potential spread of infection. An update will be issued if any new actions are taken.

Resources:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127423
http://www.f-secure.com/v-descs/bagle_al.shtml
http://isc.sans.org/diary.php?date=2004-08-09

NOTE:  PLEASE DO NOT REPLY TO THIS ALERT.  Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire Ualbany computing community should continue to take all necessary precautions against threats to system security and information integrity.

Current Students  |  New Students  |  Distance Learners  |  Faculty  |  New Faculty  |  Staff Training  |  Schedules / Hours  |  Forms  |  FAQs & User Guides  |  Policies  |  About ITS  |  Home