Please be aware that there is an email in circulation containing a URL link to the W32/Bagle.Q virus (variants of which are subsequently identified as .R, .S and .T). When the email is opened, it will attempt to exploit a vulnerability in Microsoft Outlook and Outlook Express (MS03-032) and automatically download the virus, potentially from the machine the email was sent from.
Please note that MessageLabs are intercepting copies of this email.
The vulnerability in question was identified several months ago and the patch is available from Microsoft:
The email may appear in your inbox with the following characteristics:
- The from field of the email will be spoofed
- The email is likely to pose as a warning notification
- The greeting text of the email is likely to include the recipients’ domain name
Organisations should be particularly vigilant when receiving emails of this nature, especially if the email contains a link to a website. In particular, caution should be exercised when removing the email from the inbox of an un-patched machine, as viewing the email in the preview pane may bring about the download.
Protection can also be implemented by configuring the network perimeter firewall to block access to the internet via TCP port 81 for computers on the corporate network. For organisations that do not specifically require access through this port, this will prevent the email from automatically downloading the virus component from the internet. *
The email may comprise the following subjects:
Password: [recipient domain name]
Pass - [recipient domain name]
Password - [recipient domain name]
E-mail account security warning.
Notify about using the e-mail account.
Warning about your e-mail account.
Important notify about your e-mail account.
Email account utilization warning.
E-mail technical support message.
E-mail technical support warning.
Notify from e-mail technical support.
Notify about your e-mail account utilization.
E-mail account disabling warning.
Re: Msg reply
Re: Thank you!
RE: Text message
Re: Incoming Message
Re: Incoming Fax
Fax Message Received
RE: Protected message