Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: New Beagle on the war path - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Beagle on the war path
A new Beagle/Bagle variant is making the rounds. It comes in an almost empty email, as a ZIP attachment containing the worm as an EXE. The attachment name, email subject and sole text content of the email all seem to be male or female names. Keep your eyes peeled, especially if your users are reading their mail over webmail, as it seems to take another couple of hours until the AV vendors have their patterns lined up.

Update 23:10 UTC:  It took most of the AV vendors their sweet time to get the patterns out for this one. Now things slowly start to look a bit more cheerful, though we know of at least one vendor where the Beagle/Bagle attachment still sails right through the filter, even though the vendor website claims that protection is in the current pattern. If you are not yet anyway already blocking all .exe (and .exe within .zip) on your email gateway, days like today should maybe make you reconsider.

Daniel

367 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!