W32/Bagle.Z!tr

Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
  • Using the FortiGate manager, enable blocking of .HTA, .SCR & .EXE files across SMTP, POP3 and IMAP
  • Using the FortiGate manager, define a service using TCP port 2535 named "Bagle", then enable blocking of this port
  • Using the FortiGate manager, enable blocking of these URLs and/or IP addresses -

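The attachment and port checks from the list above, as an added Python example (not Fortinet code) for auditing stored mail and connection logs outside the FortiGate unit. The function names, the `key=value` log format and all sample data are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Extensions and port come from the advisory's recommended actions.
BLOCKED_EXTENSIONS = {".hta", ".scr", ".exe"}
BAGLE_PORT = 2535

def blocked_attachments(raw_message):
    """Return filenames of MIME parts whose final extension is blocked."""
    msg = message_from_string(raw_message, policy=default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231/2047 encoded names
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them and
        # compare only the last extension ("Details.txt.SCR" -> ".scr").
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

# Assumed generic key=value connection log; adapt the pattern to your format.
LOG_RE = re.compile(r"\bproto=tcp\b.*\bsrc=(\S+).*\bdport=(\d+)\b")

def hosts_using_bagle_port(lines):
    """Return sorted source addresses seen connecting to TCP 2535."""
    matches = (LOG_RE.search(line) for line in lines)
    return sorted({m.group(1) for m in matches
                   if m and int(m.group(2)) == BAGLE_PORT})

def build_sample():
    """Constructed message: one blocked double-extension file, one benign."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("hello")
    msg.add_attachment(b"\x00", maintype="application",
                       subtype="octet-stream", filename="Details.txt.SCR")
    msg.add_attachment(b"\x00", maintype="image", subtype="jpeg",
                       filename="photo.jpg")
    return msg.as_string()

SAMPLE_LOG = [  # constructed log lines
    "proto=tcp src=10.0.0.5 sport=40112 dst=192.0.2.10 dport=2535 action=accept",
    "proto=tcp src=10.0.0.7 sport=2535 dst=192.0.2.25 dport=25 action=accept",
    "proto=udp src=10.0.0.9 sport=5353 dst=192.0.2.10 dport=2535 action=accept",
]
```

Only the first sample log line is reported: the second uses 2535 as a source port and the third is UDP, neither of which matches the TCP service defined in the advisory.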

