Disclaimer: This news item was originally posted on Sunday, Jul 18, 2004. Its content may no longer be timely or accurate.

WiscMail is now catching the Bagel-AI virus (a.k.a. W32.Beagle.AG@mm)

Posted: 19:00:00, Sunday, Jul 18, 2004   Expiration: 19:00:00, Monday, Jul 19, 2004

DoIT estimates that we are getting about 150,000 of the new Bagle-Zip (a.k.a. Beagle) variant (password protected zip) virus per hour. Symantec has released virus definitions to deal with the virus. So we are putting in some policy rules to drop "suspect attachments," essentially using WiscMail filters to stop delivery of the virus.

WiscMail customers may have "live" Bagel virus variants in their InBoxes that were received between 11:00 AM and 2:00 PM today (7/19/04). Those messages still pose a risk to customers. Desktop anti-virus software should be updated to prevent infection. Keep in mind that WiscMail is only catching *incoming* Bagle-AI viruses.

This page may be useful if you want to verify the latest IDEs for Sophos (WiscMail a/v scanners:
http://www.doit.wisc.edu/WiscMail/virus/virus_info.asp

Here is more detailed information about Bagle-AI (source NAI):
http://vil.nai.com/vil/content/v_126798.htm

July 19: Symantec has released their news item on the same virus, but using the name Beagle: http://www.sarc.com/avcenter/venc/data/w32.beagle.ag@mm.html. Symantec's removal tool for this virus can be found here: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@mm.removal.tool.html.

-- Brian Rust - DoIT Communications

Created: 09:55:21, Monday, Jul 19, 2004 (by WWANG4)
Updated: 06:16:00, Wednesday, Jul 21, 2004 (by WWANG4)