From: Steven Kaeser <steve.nul>
Date: Fri, 5 Mar 2004 09:12:01 -0500
Fwd Date: Fri, 05 Mar 2004 10:10:06 -0500
Subject: Re: New Virus Threat - Kaeser


>From: Terry Groff <terry.nul>
>To: <ufoupdates.nul>
>Date: Thu, 4 Mar 2004 15:39:39 -0600
>Subject: Re: New Virus Threat

>>From: Dan Bright <ufo.nul>
>>To: ufoupdates.nul
>>Date: Thu, 04 Mar 2004 18:43:55 -0000
>>Subject: New Virus Threat

>>Listers,

>>Beware.

>>I today received the "Bagle.K" virus/worm, which went un-
>>detected by both the anti-virus defences on my host server and
>>my local machine. Luckily I suspected this was indeed a virus,
>>and therefore the security of my system was not compromised.
>>However, this particular event serves to highlight just how
>>insidious these viruses are becoming.

<snip>

>I have received several of these in the last couple of days.
>Fortunately I could tell immediately that they were bogus
>because they came from a nonexistent email address from my own
>mail server. I don't have a "support_at_terrygroff.com". Plus
>MailWasher allows me to view the text and headers before I
>actually DL it to my PC.


The .zip file is password protected to prevent many AV products
from scanning it. This relies on the 'dumb human' to open the
email, save the attached .zip, open it, and then enter a
password to access the infector file.

If run, the system will likely not be able to scan it as it
loads into memory and you're infected.

The Bagle variants are part of the cyber war going on between two
anonymous groups, who are compeition with each other, and this
past week has been a real mess for those of us who support AV
deployment.


Steve