william(at)elan.net wrote:
FYI - if you're on windows machine DON'T TRY TO FOLLOW URL in that post
Somebody sent me a copy of the content and its vbscript that downloads an image converts it into executable and then probably uses some bug in microshit products to have it executed. I'm not that good with windows scripting so whoever of the security people here wants to see it futher if you can not get it yourself, let me know. Its possible this maybe zombie making virus using nanog to replicate (somebody's sick joke) but possibly its more general with other lists too. Spammers and virus writers joined together are getting nastier and nastier.
It's another varient of Bagle... My analysis of it is at: http://www.au.sorbs.net/virus.explain.txt - since then Symantec has release it's more detailed explaination under the headings for Bagle.r and Bagle.s / Mat