  Virus on our mailserver
Microsoft Posted by Beat Rubischon on Wednesday March 03, @10:42AM
from the when-pros-write-viiri dept.
This morning, we found several copies of the virus W32/Bagle.j@MM on our mailserver. Because of its new approach, we are currently not able to filter out all of them. Read on to learn how to protect your computer from this virus.

Update: Since Thursday evening, we are able to detect W32/Bagle in packed archives.

The mail looks like the following one:

From: administration@ethz.ch
To: isg@phys.ethz.ch
Subject: Warning about your e-mail account.
Date: Tue, 02 Mar 2004 20:32:33 -0700

Dear user of "Ethz.ch" mailing system,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Advanced details can be found in attached file.

Attached file protected with the password for security reasons. Password is 00287.

Attached to such mails is a ZIP file containing the virus.

Be sure to:

  • have a virus scanner installed on your computer
  • keep it up to date
  • not open attachments which you do not trust 100%

Feel free to contact us in case of questions!

Update: All available commercial virus scanners running on Linux are currently not able to detect W32/Bagle in an encrypted ZIP file. We were using McAfee and tested Sophos without success. The open-source virus scanner ClamAV has detected W32/Bagle since Thursday morning, and we have incorporated this scanner into our mailserver. We will now collect experience with this scanner and give you feedback about it.
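A heuristic a mail filter can apply to messages like the one shown above, as an added example that is not the ISG's or ClamAV's code: flag mail that carries a ZIP with the encryption bit set and also states a numeric password in the body. The regular expression is modelled on the sample texts on this page; the attachment name and the harmless ZIP are constructed test data.

```python
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

# Wording from the samples: 'Password is 00287.' / 'The password is "14118".'
PASSWORD_HINT = re.compile(r'password\s+is\s+"?(\d{3,8})"?', re.IGNORECASE)

def encrypted_zip_members(data: bytes) -> list:
    """Names of ZIP members with general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def inspect_message(raw: bytes) -> dict:
    """Flag mail that carries an encrypted ZIP and gives its password in the body."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body, members = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"PK\x03\x04"):      # ZIP magic, whatever the filename says
            members += encrypted_zip_members(data)
        elif part.get_content_type() == "text/plain":
            body.append(part.get_content())
    hint = PASSWORD_HINT.search("\n".join(body))
    return {"encrypted_members": members,
            "password_in_body": hint.group(1) if hint else None,
            "quarantine": bool(members and hint)}

def build_sample(encrypted: bool = True) -> bytes:
    """Constructed message: harmless ZIP, 'encrypted' flag patched on if requested."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.txt", "harmless placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:
        blob[blob.find(b"PK\x01\x02") + 8] |= 0x01   # central-directory flag, bit 0
    msg = EmailMessage()
    msg["Subject"] = "Warning about your e-mail account."
    msg.set_content("Advanced details can be found in attached file.\nPassword is 00287.\n")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="info.zip")
    return msg.as_bytes()
```

Legitimate encrypted archives match the same two conditions, so the result is a reason to quarantine a message for review, not proof of infection.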

Thanks to all people who sent us samples of the several versions of Bagle!

The Fine Print: The following comments are owned by whoever posted them.

    Re: Virus on our mailserver
    by Matthias Troyer on Thursday March 04, @12:12AM
    The text of these e-mails can be different from the above, but with similar intent, such as:

    Dear user of e-mail server "Ethz.ch",

    Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.

    For details see the attach.

    For security reasons attached file is password protected. The password is "14118".


    © 2003 ISG, Departement Physik, ETH Zürich, <isg@phys.ethz.ch>