Saturday July 4th, 2009
Summary: A new worm, BagleK, is spreading quickly around the Internet and UCI. Below is a description of the worm and a removal tool. Do not open any attachment you are not expecting.
If you think that you may be infected with Bagle, and are unsure how to check your system, you may download the Stinger tool to scan your system and remove the virus if present.
Note: Receiving an e-mail alert stating that the virus came from your e-mail address is not an indication that you are infected, as the virus often forges the From address.
W32.Bagle.K@mm opens a backdoor on TCP port 2745 and uses its own SMTP engine
to spread through email. It also sends the attacker the port on which the backdoor
listens, as well as the IP address. It also attempts to spread through file-sharing
networks, such as Kazaa and iMesh, by dropping itself into the folders that
contain "shar" in their names.
The email has the following characteristics:
Attachment: A randomly named .exe file, inside a .zip file, or a .pif file. The zip file will be password-protected. DO NOT OPEN IT!
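The attachment characteristics above can be checked at a mail filter without knowing the password, because a password-protected zip normally still stores its member names unencrypted. The following is an added example, not part of the original advisory: `classify_attachment` and `make_sample_zip` are hypothetical names, the sample archives are constructed, and it assumes the description means a directly attached .pif or an .exe inside the password-protected zip.

```python
import io
import struct
import zipfile


def classify_attachment(filename, data):
    """Return the reasons an attachment should be quarantined (empty list = no match)."""
    reasons = []
    name = filename.lower()
    if name.endswith(".pif"):
        reasons.append("pif attachment")
    if name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    # Bit 0 of the general-purpose flags marks an encrypted member.
                    encrypted = bool(info.flag_bits & 0x1)
                    if encrypted and info.filename.lower().endswith(".exe"):
                        reasons.append(
                            "password-protected zip containing " + info.filename)
        except zipfile.BadZipFile:
            # Edge case: a damaged archive cannot be cleared automatically.
            reasons.append("unparseable zip (inspect manually)")
    return reasons


def make_sample_zip(member, encrypted):
    """Build a constructed one-member zip; optionally mark the member as encrypted.

    The payload is harmless placeholder text. Only the header flag is set, which
    is all a filter can see without the password anyway.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        central = raw.find(b"PK\x01\x02")  # central directory record
        # Flags sit at offset 6 in the local header and offset 8 in the central record.
        for off in (6, central + 8):
            flags = struct.unpack_from("<H", raw, off)[0]
            struct.pack_into("<H", raw, off, flags | 0x1)
    return bytes(raw)


if __name__ == "__main__":
    print(classify_attachment("msg.zip", make_sample_zip("qwerty.exe", True)))
    print(classify_attachment("readme.zip", make_sample_zip("notes.txt", True)))
```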
| Also Known As: | Win32.Bagle.K [Computer Associates], Bagle.K [F-Secure], W32/Bagle.k@MM [McAfee], W32/Bagle.K.worm [Panda], W32/Bagle-K [Sophos], WORM_BAGLE.K [Trend Micro] |
| Type: | Worm |
| Systems Affected: | Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP |
| Systems Not Affected: | DOS, Linux, Macintosh, Microsoft IIS, OS/2, UNIX, Windows 3.x |
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
Download and run the McAfee AVERT Stinger to remove the worms from your system.
Please call the NACS Response Center at (949) 824-2222 if you have any questions.