Journal Saint Aardvark's Journal: Bagle.J 4

Journal by Saint Aardvark on Wednesday March 03, 2004 @11:35PM

Follow the bouncing ball, boys and girls:

A checks an offsite webmail account using Internet Explorer. Within his Inbox he finds an email from staff@[whatever].com explaining that his account has been sending viruses, and that he should use the attached, compressed, password-protected virus scanner to scan his computer. He downloads the attachment, unzips it, and provides the password.

B checks his work mail account using Outlook Express. He finds an email from support@[work].com explaining that the mail server will be shut down for two hours, and he should use the enclosed, compressed, password-protected backup utility to save his email. He unzips the attachment and provides the password.

C is assembling a computer for a new hire when fellow staff member D alerts him to an email he's just received with a virus within. C has looked at the combination of MIMEDefang and ClamAV earlier today, and discovered that ClamAV's signature for this virus depends upon the entire message for efficacy. However, MIMEDefang by design passes separate attachments, one at a time, to ClamAV. He's had a look at it and decided that this will take time that he doesn't have right now, since there's a new guy starting on Monday whose computer has not yet been assembled.

C explains to D the situation. D explains that the headers for the email point to someone within the work LAN. C is doubtful but asks D to forward the messages. Upon checking them using Mutt, mail client of the elder gods, he finds out that D is correct, and runs off to disconnect the virus-infected machine from the LAN.

E opens his work email account using Outlook Express. He finds an email from support@[work].com explaining that there will be a two-hour outage. The style of writing being similar to the sysadmin's, he opens the enclosed, compressed, password-protected zip file.

C, having set up a virus scanner on B's computer, comes back to find similar viruses in Mutt from E. He races off to disconnect E from the network. Upon checking the email headers in the message E got, he finds A's computer mentioned. He disconnects A's computer for good measure, and alerts the rest of the staff as patiently as possible that he rarely sends helpful tools around using password-protected zip files.

Bagle.J

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 4 Comments Log In/Create an Account

Comments Filter:

Yahoo Groups compromised (Score:1)

by johndiii ( 229824 ) * writes:

This virus has been going out through Yahoo Groups today as well. It appears to come from the list owner, and has a similar attachment/password scheme. The password appears to always be a six-digit number, but varies between instances.
Fuck that virus (Score:3, Funny)

by ender81b ( 520454 ) writes: <wdinger@NOsPAm.gmail.com> on Thursday March 04, 2004 @12:39AM (#8460204) Homepage Journal

Man I work at an ISP and screw that virus. It spoofs manager@, staff@, abuse@, etc and we must've gotten 200-300 calls plus another few hundred emails about it.

Seen two of those (Score:2)

by MonTemplar ( 174120 ) * writes:

One turned up in my home e-mail, claiming to be from NTLworld (my broadband provider). And our production manager got some claiming to be from a former customer of ours. Sneaky, but easy to spot if you're wide awake.

-MT.
- Re:Seen two of those (Score:1)
  
  by stw0ng ( 759849 ) writes:
  
  ... which just proves that drinking Bawls IS good for something other than staying up inanely late...

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Journal Saint Aardvark's Journal: Bagle.J 4

Bagle.J More Login

Bagle.J

Yahoo Groups compromised (Score:1)

Fuck that virus (Score:3, Funny)

Seen two of those (Score:2)

Re:Seen two of those (Score:1)

Slashdot Top Deals

Slashdot