Subscriber Advisory on Bagle.J Virus
March 5, 2004

A new computer virus called Bagle.J was discovered to have been infecting computers worldwide. It has been found spreading late since March 2, 2004.

The worm spreads itself through e-mail messages in an executable attachment with .PIF or .EXE extension, or in a password protected ZIP archive that contains the worm's executable file with random name. The worm randomly selects subjects, message bodies and attachment names from its internal lists. The worm also generates random passwords that it uses to encrypt its ZIP archive.

The infected message's From: field e-mail address is generated from a recipient's domain name and the following user names:

management@
administration@
staff@
noreply@
support@

AN EXAMPLE OF AN EMAIL SENT BY THE Bagle.J VIRUS COULD LOOK LIKE THIS: Subject: E-mail account disabling warning. From: administration@mozcom.com Date: Thu, 04 Mar 2004 08:24:09 +0800 To: info@mozcom.com Dear user of Mozcom.com, Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software. For more information see the attached file Attached file protected with the password for security reasons. Password is 24132. Best wishes, The Mozcom.com team http://www.mozcom.com

Be informed that Mozcom never includes attachments in our email advisories. We urge you to check your computers to determine if you have been infected by this worm, and most of all avoid opening suspicious email attachments. Also, update your computer virus protection.

Should you need further technical assistance, contact Mozcom's Customer Service Department at 848-2606 (Manila); 253-0013 (Cebu); 221-1462 (Davao); 443-9502 (Baguio).