| 5:42 pm on Aug 9, 2004 (gmt 0)|
while we are on the subject ..apparently from some of the more recent call outs I have had to deal with CD trays going wiggy and "possessed" ..net bus ( client side control ) has been discovered by a new generation of kiddies ...Think BO did this as well? ...
what is the target ( apart from Doze in general of Price ..rogerd? )
| 5:47 pm on Aug 9, 2004 (gmt 0)|
Target? I don't know, Leosghost, but I can forward one for you to open & find out... ;)
I'm guessing it's similar to the Bagle: [software.silicon.com...]
| 6:20 pm on Aug 9, 2004 (gmt 0)|
I received it in a "zip" file something like "newprice.zip" which I immediately deleted.
| 6:39 pm on Aug 9, 2004 (gmt 0)|
|All samples received so far arrive without subject. Attachment names are price2.zip, new__price.zip, 08_price.zip, and likely others. The text reads 'price' or 'new price'. |
Nice catch Roger.
| 7:31 pm on Aug 9, 2004 (gmt 0)|
More info from SANS:
|the virus installs itself as C:\WINDOWS\System32\WINdirect.exe and runs from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win_upd2.exe |
| 8:18 pm on Aug 9, 2004 (gmt 0)|
Still not much out there, but eWeek is reporting that some users are being inundated by the worm: [eweek.com...]
McAfee now calls it a medium threat, but it doesn't seem to be on the radar at Symantec yet.
| 8:49 pm on Aug 9, 2004 (gmt 0)|
My McAfee updated itself about 5 minutes ago with a definition of it.
| 8:55 pm on Aug 9, 2004 (gmt 0)|
Received several dozen this afternoon, it's certainly taking off.
| 8:58 pm on Aug 9, 2004 (gmt 0)|
Yeah this one is going fast - received about 50 in the last few hours. This one's going for a real minimalist look to it...
| 9:02 pm on Aug 9, 2004 (gmt 0)|
According to Full Disclosure, this is another Bagle variant, so expect updated defs from all vendors in a few hours.
In fact, defs are out:
| 9:04 pm on Aug 9, 2004 (gmt 0)|
Edited because we just said the same thing! (Beat me to it...)
| 9:28 pm on Aug 9, 2004 (gmt 0)|
Our EMail Virus Scanner has blocked every instance, “We are quite safe from their pathetic insignificant virus rebellion.”
| 9:49 pm on Aug 9, 2004 (gmt 0)|
AVG has a critical update for it too. Thanks for the heads-up.
| 10:12 pm on Aug 9, 2004 (gmt 0)|
I've received it all day, with the attachment price.zip
| 10:14 pm on Aug 9, 2004 (gmt 0)|
Yup. Had several of them in my mail today, now in my paperbasket.
Oh, these viruses nowadays suck. I remember the first virus I ever had on my PC, it seems like decades ago. It was called the Stoned Virus. And every time the PC started it said something like: "Your PC is now stoned. Legalize Marijuana!"
At least it had some message... Ah the good old times...
| 10:31 pm on Aug 9, 2004 (gmt 0)|
Ha! just found it on Symantec. (Stoned Virus)
They still have it there. 1987... Oh god, I'm getting old.
(Sorry for getting a little off topic...)
| 10:34 pm on Aug 9, 2004 (gmt 0)|
lol our clients are lovin' this one.
| 10:48 pm on Aug 9, 2004 (gmt 0)|
Had one too, when are the big AVs catching up? Hope tonight.
| 11:19 pm on Aug 9, 2004 (gmt 0)|
Haven't received it either at home or at work - at work is a real surprise considering....
| 11:36 pm on Aug 9, 2004 (gmt 0)|
So, is it just me, or do you think that this could be targeted at affiliates?
The reason I ask is because my affiliate email address that I use to communicate with merchants is getting hammered by this, some looking like it came from the merchant, and, hmmm.. price.exe or variation would be something that an affiliate might want to open. Then again, it could be just strange luck that only the affiliate address has been hit.
| 12:01 am on Aug 10, 2004 (gmt 0)|
I don't think there's any affiliate spin on this, hannymyluv. The earliest copies I saw came via a political organization, and then I began seeing them from other random sources. Kind of the luck o' the address book.
| 12:19 am on Aug 10, 2004 (gmt 0)|
I got this email and opened the folder.. but I didn't touch the exe file... hopefully that didn't do anything to my computer.
| 6:53 am on Aug 10, 2004 (gmt 0)|
Norton has a new LiveUpdate virus definitions file dated today. It's getting to be a pretty large file.