06-21-2006, 10:34 PM
The 4789 DAT files have been released early due to the prevalence of multiple W32/Bagle variants observed today.
Full details on the threats have been posted to the McAfee Avert Labs Threat Center:
W32/Bagle.fb@mm - http://vil.nai.com/vil/content/v_139997.htm
W32/Bagle.dldr - http://vil.nai.com/vil/content/v_129512.htm
The various 4789 daily DAT file packages can be found at http://www.mcafee.com/apps/downloads/secur...updates/dat.asp
Best Regards,
McAfee Avert Labs - Come visit our Blog - http://www.avertlabs.com/research/blog/
-----------------------------------------------------
Added by me:
To remove it, perform a complete scan of your downloaded email. At the corporate level (Exchange 2000/2003), perform a complete scan of the server at the mailbox level and ensure scanning for encrypted items / corrupted items is enabled.
We got hit pretty good with this, but only one known user instance so far. In that case, the user actually used the enclosed password for the encrypted zip, extracted it, and then her personal McAfee Enterprise 8.0i caught it and deleted it from her extract destination instantly.
This is more for the other IT heads on here than the users, as MOST of you I wouldn't brand as stupid enough to actually open a passworded zip file from a misformatted sender. :rolleyes:
Daily driver 1: 2007 Jeep Wrangler Unlimited Sport "S"
33" BFG Mud-Terrain KM2s, lots of Rough Country gear - bumper, 2.5" lift, swaybar disconnects, Superwinch 10,000lb winch, Detroit Locker in rear D44 axle, custom exhaust, K+N filtercharger, Superchips-tuned.
Daily driver 2: 2006 Subaru Legacy GT
COBB Stage 1+ package - AccessPort tuner, COBB intake and airbox. Stage 2 coming shortly - COBB 3" AT stainless DP and race cat, custom 3" Magnaflow-based exhaust and Stage 2 COBB tune.
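A mailbox-side check for the password-protected ZIP attachments discussed in this post, as an added example that is not part of the original post or of any McAfee product: it parses a raw message and reports attachments whose ZIP entries carry the "encrypted" flag, or whose archive is unreadable. The function names and the sample message are constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def encrypted_zip_attachments(raw_message: bytes) -> dict:
    """Map attachment filename -> names of password-protected entries inside it."""
    findings = {}
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        payload = part.get_payload(decode=True) or b""   # None for multipart containers
        if not payload.startswith(b"PK"):                # judge by content, not extension
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                locked = [i.filename for i in zf.infolist()
                          if i.flag_bits & ENCRYPTED_FLAG]
        except zipfile.BadZipFile:
            locked = ["<unreadable archive>"]            # corrupted items are flagged too
        if locked:
            findings[part.get_filename() or "<unnamed>"] = locked
    return findings


def constructed_sample() -> bytes:
    """Constructed message: harmless ZIP whose single entry is marked encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", b"placeholder bytes")
    data = bytearray(buf.getvalue())
    data[6] |= ENCRYPTED_FLAG                              # local file header flags
    data[data.index(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG  # central directory flags
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("password: 12345")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="octet-stream", filename="doc.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(encrypted_zip_attachments(constructed_sample()))
```

A scanner cannot inspect the contents of an encrypted entry without the password, so a hit here is a reason to quarantine or hold the message for review rather than a verdict on the payload.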