Skip Over Navigation Links
Center for Information TechnologyAntivirus
Antivirus Home Page
Contact Us
Questions or Comments
Disclaimers

Software
Current client downloads:
VScan Engine/Dat (SuperDat) -5.2.00/4.0.5378
VirusScan Enterprise 8.5i (with Patch 6) - Windows NT/2000/XP/2003
VirusScan Enterprise 7.1 - Windows NT/2000/XP/2003
Virex (OS X) Engine/Def - 7.2(v1.1)/080903
Virex (OS 9.x) Engine/Def - 6.2/071001
Linux & Solaris Engine/Dat - 5.2.00/4.0.5196
Symantec Antivirus - 10.1.7.7000
Symantec Antivirus - 10.2
Clean Boot 1.0
Stinger v3.8.0 virus removal tool (Updated 09/10/07)
Current server downloads:
VirusScan Enterprise 8.5
VirusScan Enterprise 7.1
NetShield NetWare - 4.6.2
NetShield NetWare - 4.6.3
NetShield NetWare Engine Update - 4.4.00
ePO agent for NetWare
ScanMail eManager - 3.0

Information
ePO 3.0/VirusScan 7.0 Presentation
Virex 7.x Installation Instructions
VirusScan FAQs
VirusScan Instructions
Additional Resources

Archives
List of Viruses

Virus Alerts

W32/Bagle.z@mm (aka worm_bagle.X@mm by Trend Micro) Last Updated 4/26/04 4:30PM

CIT has been notified of an email virus called W32/Bagle.z@mm. This is a mass-mailing worm that harvests email addresses from infected machines. Emails are forged to appear to be sent by an address from the @nih.gov domain. This mass-mailing worm has two attachments included. Recent email samples show a .jpg and a .cpl attachment.

From: alias@nih.gov

  • annie@ (domain of recipient)
  • christina@ (domain of recipient)
  • christy@ (domain of recipient)
  • jessie@ (domain of recipient)
  • lizie@ (domain of recipient)
  • secretGurl@(domain of recipient)

Examples of subjects lines are:

  • Hey!
  • Let's talk, my friend!
  • Hello!
  • Hey!
  • Let's socialize, my friend!
  • Let's talk, my friend!
  • I'm bored with this life
  • Notify from a known person ;-)
  • I like you
  • I just need a friend
  • I'm a sad girl...
  • Re: Msg reply
  • Re: Hello

Body: varies

Example

Hi,

(embedded .jpg image here)

I'm a young lady of 20 years old i'd like to find my second part!!!

Further details are in attach.
Cheers, SecretGurl

Attachment:(Two attachments, Possibly a .jpg and .cpl file)

Example

  • Details
  • Details
  • Document
  • Information
  • Message
  • MoreInfo
  • Readme

    NAI has released SuperDat 4353 and later to detect and remove W32/Bagle.z@mm.

    Symantec will be releasing definitions dated 4/26/04 to detect and remove beagle.w@MM.

    For more Information:

    http://vil.nai.com/vil/content/v_122415.htm from NAI.

    http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.w@mm.html from Symantec.

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.X From Trend Micro.

    This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.

    		•

    Contact NIH Help Desk for assistance:
    866-319-4357 (toll free), 301-496-4357 (6-HELP) (local), 301-496-8294 (TDD)
    http://ithelpdesk.nih.gov/support
    Register for iForgotMyPassWord

    		National Institutes of HealthCenter for Information Technology
    National Institutes of Health
    Bethesda, Maryland 20892

    Questions or Comments | Disclaimers | Privacy Policy

    		 Department of Health and Human ServicesHealth and Human Services
    Washington, D.C. 20201
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -