Jump to content

- - - - -

New Bagle Worm runs without attachment

  • This topic is locked This topic is locked
1 reply to this topic

#1 AibelNET


    CS v Women CS always win..

  • Elites
  • 215 posts

Posted 19 March 2004 - 10:59 AM

A series of new variants of the prolific Bagle worm has raised alarms in the security community through an innovative infection mechanism: The e-mail message in which the variants arrive may have no file attachment, and it's possible for a user to become infected without having to launch one.

The message includes a Windows ActiveX control and uses a vulnerability announced and patched by Microsoft Corp. in August and another problem from last October. The most recent Cumulative Security Update for Internet Explorer also includes a fix for the more recently discovered flaw.

The ActiveX control does not contain the actual worm, according to McAfee Security. Instead, it creates and runs a VBScript on the system, which downloads and executes the worm from one of a list of IP addresses. According to McAfee, as of 06:45 PST on March 18, "The majority of the 590 IP addresses seen have been closed down. At the time of writing, 39 were still responding."

News source: eWeek

#2 ReynoldsM


    Reynolds Medila

  • Elites
  • 2,147 posts

Posted 19 March 2004 - 12:58 PM

Thanks for letting us know.

Want to comment?

Register or Sign In to go completely ad-free!