WORM: Bagle.AF HTTP Traffic

This signature detects the AF variant of the Bagle SMTP virus. Bagle sends e-mails that contain an attachment with a malicious payload. When the attachment is viewed, the payload uses HTTP to load an external link, which is actually an executable program that infects the target host. The virus then sends a copy of itself to e-mail addresses found on the target's hard drive, using the target's e-mail address as the return address.

Extended Description

Bagle.AF is a worm that infects vulnerable Windows operating systems. It propagates through e-mail using its own Simple Mail Transfer Protocol (SMTP) engine.

References

URL: http://www.juniper.net/security/auto/vulnerabilities/vuln402.html http://secunia.com/virus_information/10683/bagle.af http://reviews.cnet.com/4520-6600_7-5127079.html

Short Name

WORM:BAGLE:AF-HTTP

Severity

Major

Recommended

False

Recommended Action

Drop

WORM: Bagle.AF HTTP Traffic

Extended Description

References

Found a potential security threat?