Nasty Variant of Bagle Virus Loose

Last Thursday, I arrived at the office to find a panicked message on voicemail from a client who couldn’t get their email. “I try to connect but I keep getting a message that I can’t connect to the server. Help! If I don’t get my email, I’ll likely die a slow and horrible death!” (Or something to that effect.) I verified with her on the phone that she was, in fact, connected to the Internet; she just couldn’t get to the mail server. Interestingly, she also couldn’t connect to an account on a different mail server. It was exceedingly odd.

So Ben and I headed over there to hunt down the problem. After an extended battle with her laptop, we finally determined that she was being blocked from sending packets out over port 110, the port needed to receive email. Through some amount of serendipity, we finally realized she had a virus, rooted in a file called bawindo.exe. This nasty little number had infected almost 350 files on her computer, was able to copy itself to other computers on the network, and installed a “sniffer” program that monitored keystrokes and sent them remotely to another computer. (You can interpret that last as being the same as someone standing behind her copying every single key she typed. Passwords, account numbers, correspondence were all compromised. Like I said, this is a nasty little guy.)

You might want to perform a search on your hard drive for a file named “bawindo.exe”. If you find it, visit the Symantec site to download a removal tool called Stinger.
