ROMA, 19 GEN - E' scattato in piena notte un allarme giallo per la diffusione di un nuovo virus informatico. Riguarda Usa, Germania, Australia e Giappone. Si tratta di uno dei programmi pericolosi di ultima generazione, un worm (chiamato Bagle.A) che si diffonde attraverso la posta elettronica, rende noto l'azienda internazionale per la sicurezza informatica Trend Micro. Per ora e' allarme giallo, ossia con un grado di rischio medio, e non si hanno notizie circa un'eventuale diffusione in Italia.

I-Worm.Bagle
[ 01/18/2004 17:09, GMT +03:00, Moscow ]
Danger : severe risk
This is a worm which spreads via the Internet attached to infected emails. The worm itself is a Windows PE EXE file of about 15KB.

Contents of infected messages:
From:
[random sender]
Subject:
Hi
Body:
Test =)
Signature:
Test, yep
Attachment:
[random name]
Installation
The worm is activated only when a user clicks on the attached file. Then the worm copies itself to the System directory under the name "bbeagle.exe" and registers this file in the system registry auto-run key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"d3dupdate.exe" = "%system%\bbeagle.exe"
The worm runs the Windows application "calc.exe".
The worm attempts to download TrojanProxy.Win32.Mitglieder from several remote websites and then to run it.

Spreading
The worm searches disk drives for files with the following extensions:
wab, txt, htm, html, r1
and scans them for email-like text strings, then sends infected messages to the email addresses found. The worm uses its own SMTP engine to send infected messages.
19 January 2004, 14:00 Moscow Time (GMT +3). Upgraded to Category "Severe risk" from Category "Moderate risk", based on an increased rate of submissions.