Anti Virus Warnings being issued all over the place..
More Here: http://www.isc.sans.org
It looks like there is a new Bagle variant making the rounds. The (preliminary) information that we have is:
* The file arrives as a zipped attachment with a filename including the word "price" (price.zip, price2.zip newprice.zip, 09_price.zip, etc...).
* Creates two files: C:\WINDOWS\system32\winshost.exe and C:\WINDOWS\system32\wiwshost.exe
* Launches winshost.exe from the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key
* This has been classified (by at least one AV vendor) as: TROJ/BAGLEDL-U
Don't open those attachments boys & girls!!
More Here: http://www.isc.sans.org
It looks like there is a new Bagle variant making the rounds. The (preliminary) information that we have is:
* The file arrives as a zipped attachment with a filename including the word "price" (price.zip, price2.zip newprice.zip, 09_price.zip, etc...).
* Creates two files: C:\WINDOWS\system32\winshost.exe and C:\WINDOWS\system32\wiwshost.exe
* Launches winshost.exe from the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key
* This has been classified (by at least one AV vendor) as: TROJ/BAGLEDL-U
Don't open those attachments boys & girls!!