bagle-i worm
Derek Winkler
dwinkler at ALGORITHMICS.COM
Tue Mar 2 16:46:25 GMT 2004
For Bagle-H Sophos included this note:
"W32/Bagle-H sends itself as a password protected ZIP file that is not
detected by this identity. However, when unzipped by the user the worm will
be detected by Sophos Anti-Virus at the user's desktop."
May be true of Bagle-I since it also uses password protected ZIP files as
well, although they didn't specifically say.
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Hong Zhu
> Sent: Tuesday, March 02, 2004 11:36 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: bagle-i worm
>
>
> Hi,
>
> we use sophos and latest bagle-i IDE was downloaded
> onto our mail server this morning, however we don't
> think mailscanner catch them as many have passed through...
>
> any idea?
>
> thanks,
> Hong
>
More information about the MailScanner
mailing list