VIRUS ADVISORY: W32/Bagle.aq@MM
--> What is it?
W32/Bagle.aq@MM is a Medium Risk mass-mailing worm that tries
to open a hacker backdoor on your PC. Launched by code hidden
inside a ZIP attachment, the virus spreads by emailing itself
to stolen contacts and via popular file-sharing programs such
as KaZaa, Bearshare and Limewire. It also tries to terminate
anti-virus and other security software operation.
Up-to-date McAfee VirusScan users with DAT 4384 are
protected from this threat. Note: To fortify anti-virus
defense against viruses that carry backdoor payloads, we
recommend installing McAfee Personal Firewall Plus:
http://us.mcafee.com/root/campaign.asp?cid=11276
--> What should I look for?
FROM: Varies (spoofed)
SUBJECT: Blank
BODY: Examples: new price, The password is, Password:
ATTACHMENT: Examples: price.zip, price2.zip, price_new.zip
--> How do I know if I've been infected?
Communication Port 80 (TCP) open. Outgoing messages with noted
body content and ZIP attachments.