bagle-i worm

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue Mar 2 17:33:01 GMT 2004


Stephen

the password is sent as part of the email

something like.


hi here's the password you need: ahfhfghftgyghjg

then the user unzips the attachment, types in the password as given and
splat they're hosed..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Stephen Conway wrote:
> Good day:
>
> Correct me if I am wrong, but if the zip is password protected, how would
> the end user open it w/o a password?  So should I be worried if some get
> through?  We have clients with slow Satellite connections, so it is
> difficult for them to upgrade their virus defs, so we are their only line of
> defense.  Is there a way for Sophos to scan password protected zip files?
>
> Thanks,
>
> SC
>
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
> Of Marco Obaid
> Sent: Tuesday, March 02, 2004 12:12 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: bagle-i worm
>
> I can confirm  that Bagle-I worm did make it through our MS gateways. I am
> running both Sophos and Command AV (up-to-date) and both let it slip
> through.
> We are running MS 4.26.8-1 and will upgrade to the latest one soon, if it
> helps. Meanwhile, I have blocked zip files temporarily.
>
>
> Quoting Derek Winkler <dwinkler at ALGORITHMICS.COM>:
>
>
>>For Bagle-H Sophos included this note:
>>
>>"W32/Bagle-H sends itself as a password protected ZIP file that is not
>>detected by this identity. However, when unzipped by the user the worm will
>>be detected by Sophos Anti-Virus at the user's desktop."
>>
>>May be true of Bagle-I since it also uses password protected ZIP files as
>>well, although they didn't specifically say.
>>
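
An added example, not part of the original thread and not MailScanner or Sophos code: because a gateway scanner cannot look inside a password-protected ZIP, one option short of blocking all ZIP files is to read the ZIP's encrypted-entry flag and hold only those attachments. The function names and the sample message are constructed for illustration.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry is encrypted

def encrypted_members(blob: bytes) -> list[str]:
    """Names of encrypted entries in a ZIP blob; [] if none or not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []

def unscannable_attachments(raw: bytes) -> dict[str, list[str]]:
    """Map attachment filename -> encrypted member names for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        blob = part.get_payload(decode=True) or b""
        if blob.startswith(b"PK\x03\x04"):  # go by content, not by file extension
            names = encrypted_members(blob)
            if names:
                hits[part.get_filename() or "(unnamed)"] = names
    return hits

def sample_message(encrypted: bool) -> bytes:
    """Constructed test mail: one harmless ZIP, flag bit patched if encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"constructed sample, not malware")
    blob = bytearray(buf.getvalue())
    if encrypted:
        central = blob.index(b"PK\x01\x02")
        struct.pack_into("<H", blob, 6, ENCRYPTED)            # local header flags
        struct.pack_into("<H", blob, central + 8, ENCRYPTED)  # central dir flags
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("hi here's the password you need: (constructed)")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="doc.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(unscannable_attachments(sample_message(True)))
```

The check only reads the central directory, so it works without the password; it says the archive cannot be scanned, not that it is malicious.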
