NEW Virus out today? Anyone seen this?

typhoon43 · Jun 11, 2004

Subject: protected document
Comes with text_document.zip attachment and password.bmp picture.
I accidentally let it through our isolation queue.

We run McAfee AV Corporate edition and the newest dats don't detect it. SARC, Sophos, and NAI have nothing on it, which seems odd to me.

Anyone else gotten any this morning? I'm hoping it's not some new Netsky variant.

Boscoh · Jun 11, 2004

Haven't seen that one.

Did you send the attachment to McAfee?

TrueBuckeye · Jun 11, 2004

I've seen nothing so far. I'll keep an eye out.

Icculus · Jun 11, 2004

It appears to be a varient of the bagle worm.

Attachment file : text_document.zip
Scanner Detected: W32/Bagle.gen!pwdzip
Action taken : Unable to Clean...

Attachment file : text_document.zip
Scanner Detected: W32/Bagle.gen!pwdzip
Secondary Action taken : Moved...

We run the same McAfee Enterprise, my virus definitions haven't been updated since last Friday and it was caught. I would check if I were you ( I know my users love to cancel updates and scans whenever they can because it gives them something to complain about when they do get a virus )

M11 · Jun 11, 2004

I've got that garbage trying to come through my server as well, but I blocked all password protected ZIPs a while ago

. I would suggest that you do the same, and be done with the Bagle. If anyone needs to securely send documents through E-Mail, the ZIP encryption algorithm is worthless. Thus, nobody should be using it anyway.

NEW Virus out today? Anyone seen this?

typhoon43

2[H]4U

Boscoh

[H]ard|Gawd

TrueBuckeye

Most valuable "member"

Icculus

n00b

M11

Does Not Follow Instructions.