A new variant of the Beagle/Bagle e-mail worm is spreading rapidly.
The message encourages the recipient to download a ZIP attachment, and
provides a password for the end user to type. If the user follows the
instructions on a Windows computer, the machine may become infected.
At that time, the infected computer opens a TCP port to listen for other
commands, as well as other nasty actions. Here is Symantec's
description of the worm's effects:
[log in to unmask]">http:[log in to unmask]
Due to the fact that the worm varies its message each time it is
sent, signature-based anti-virus tools are not effective against
it. This includes desktop anti-virus software as well as the
virus blocker on mail.msu.edu.
At MSU we have seen messages that appear to be from the
Admissions Office as well as from the mail team. These messages
are bogus but are phrased in a way that is much more sophisticated
than prior attempts. (The bogus Admissions message encourages new
students to visit a non-MSU Web address to download a ZIP file to
join a real time chat; the bogus mail team message urges people to
unpack an attached ZIP file to get a tool to remove Trojans.)
We strongly caution users to exercise extreme caution when
following instructions purporting to be from official sources.
Unfortunately, today we sent a legitimate message to currently
enrolled students who had not upgraded to Pilot urging them
to ugprade to mail.msu.edu.
If you have any questions please contact the consulting help
desk at 517-432-6200 or [log in to unmask]
-- Rich Wiggins
Senior Information Technologist
Academic Computing & Network Services
(formerly MSU Computer Laboratory)