Information Technology Services: Alerts Archive

ALARM Group ALERTclick for a description of ALARM, The Computing Alert System
Alert Number:  102904-01
Alert Date:  10/29/04
Alert Title:  New variants of Bagel Worm are spreading
Update-to:  None
OS/Platform/Application:  Microsoft Windows 2000/95/98/ME/NT/XP/Server
Category:  ALERT
Severity:  MEDIUM
Attention:  Windows System Administrators, Desktop Support Personnel, Email and P2P users

Summary:  Three recent variants of the Bagle worm are reported to be spreading across the Internet. The worms are propagated via email (an email recipient must open a poisoned email attachment) as well as popular Peer to Peer (P2P) file-sharing applications. If activated, the worm will begin to generate mass email messages from its own SMTP server (in an attempt to compromise any email addresses found on the victim's machine). It will also open up a "listening" port on TCP/UDP port 81.

Recommended Actions:  As always, USE CAUTION WITH SUSPICIOUS OR UNSOLICITED EMAIL MESSAGES. Update your anti-virus software signatures on all desktops, laptops and servers as soon as possible. The most recently-released antivirus updates should be able to detect the presence of these worms.

ITS Actions:  Recently-updated ITS email ANTIGEN and CLAMAV definition files should catch and defeat infected email messages (but there is always a possibility that some instances of the worm might have slipped through).

Resources:
http://secunia.com/virus_information/13033/bagle-au/
http://secunia.com/virus_information/13042/beagle.aw/
http://secunia.com/virus_information/13041/beagle.av/
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129509
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129511
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129510
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.au@mm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.aw@mm.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@mm.html

NOTE:  PLEASE DO NOT REPLY TO THIS ALERT.  Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire Ualbany computing community should continue to take all necessary precautions against threats to system security and information integrity.

Current Students  |  New Students  |  Distance Learners  |  Faculty  |  New Faculty  |  Staff
Training  |  Schedules / Hours  |  Forms  |  FAQs & User Guides  |  Policies  |  About ITS  |  Home

University at Albany homepage