Re: bagle alert
I have not seen a sample of the latest bagle incarnation yet, but the
HTMLModify plugin for SpamPal has blocked several virus emails before the
virus checker got updated. SpamPal is another spam filtering tool like
mailwasher. HTMLModify is an addon that looks for dangerous HTML usage /
exploits, and 'breaks' them, so that the email program will not execute
them. SpamPal and the plugins are free. See http://www.spampal.org/ for
----- Original Message -----
From: Judith Rempel
To: AFHS Dist-Gen ; MHSA List
Cc: Al Mierau
Sent: Friday, March 19, 2004 8:49 AM
Subject: FW: bagle alert
This will be of interest/concern to many.
I'm willing to be corrected, but I believe that using a webmail or
mailwasher tool that allows one to review/delete e-mail BEFORE it is
migrated to one's computer is a way to dodge this particular virus threat.
If correction is needed, please reply to ALL.
Al is a search engine-positioning consultant as well as a Mennonite family
historian living in Saskatoon.
From: Al Mierau [mailto:almierau@...]
Sent: Friday, March 19, 2004 6:48 AM
Subject: bagle alert
From Al Mierau's desk.
March 19, 2004
Hackers unleash virus with a 'twist'
By Jeff Lee
CanWest News Service (The Vancouver Sun)
VANCOUVER
Five new variants of an e-mail virus break new ground in that recipients
are no longer required to open attachments to infect their computers. The
new variants of the Bagle virus - which was discovered in January - exploit
flaws in Microsoft's Internet Explorer, Outlook and Media Player programs to
run a small hyper text language message that downloads the virus directly
into the target computer. Although Microsoft issued a patch last October to
fix the flaws, it may not be enough to prevent new variants of the Bagle
virus from infecting users' computers, according to a Korean antivirus
Eric Kwon, chief executive officer of Global Hauri, which identified three
of the variants shortly after they were released overnight yesterday, said
the virus is still triggered if users try to save the message on computers
that have been patched with the Microsoft fix.
"We found that even a patched computer is still vulnerable if someone tries
to save the message," Mr. Kwon said.
Antivirus companies around the world began reporting the new variants,
called Bagle-P, Q, R, S and T, overnight as users began to open messages
that did not contain attachments. Computers in Korea and Australia were
first hit early yesterday, with thousands of machines being infected as
people went to work. Users in Britain later began to experience computer
problems. The impact was expected to widen across time zones.
In the past, viruses could be spread only by users opening email
attachments, which would then trigger self-propagating "worm" programs
embedded in the attachments. But the new variants carry a web-based URL or
hyper text message in the body of the e-mail that triggers the computer to
download a copy of the worm from infected computers.
It turns off some security and antivirus programs and disables firewalls,
according to Chris Belthoff, senior security analyst with Sophos, an
antivirus company with offices in Vancouver.
"This is a pretty serious new twist," he said from Sophos's antivirus lab in