Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: JimC on March 19, 2004, 07:49:36 PM

Title: Blocking BagleQ Virus
Post by: JimC on March 19, 2004, 07:49:36 PM: Hi to All

Can anyone help me by giving an example how to block port 81 using Muzo's masq-manager or iptables (i'm using sme 5.6u6) ? Seems like there is an explosion of Bagle & Netsky

Quot

Using this exploit, this virus sends an email message, which does not contain an attachment but a link to the virus copy in a remote location. Once the email is viewed, the message body connects to a remote site that contains an .HTA Web page. This Web page contains a Visual Basic (VB) script, which drops a VBScript file in the Windows system folder via port 81. The dropped file, which uses the file name Q.VBS, then accesses a remote location in order to download and execute a copy of PE_BAGLE.Q.

EndQuot

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy | Terms and Policies