
LATEST EMAIL VIRUS

  • ilanalotus
    Message 1 of 1 , Mar 2, 2005
      http://www.eweek.com/article2/0,1759,1771372,00.asp?kc=EWRSS03129TX1K0000614

      Latest Bagle Worm Attacks with Trojan Horse
      By Ryan Naraine
      March 1, 2005



      Anti-virus vendors are raising the alarm over another batch of Bagle
      worm mutants crawling through e-mail networks.

      The latest variants have been equipped with Trojan horse downloaders
      and new propagation techniques that have led to wide distribution,
      according to a warning from Lynnfield, Mass.-based Sophos Inc.

      Anti-virus research company F-Secure Inc. has so far
      counted two different Bagle variants attempting to distribute four
      downloaders via e-mail.

      Mikko Hypponen, director of anti-virus research at F-Secure, noticed
      the new variants also using a client/server architecture to spread
      further.

      Normally, Bagle variants search local hard drives of infected
      machines to harvest e-mail addresses, but Hypponen said the new
      variants connect to a Web back-end server capable of generating
      unique e-mail addresses.

      "The virus will then send a copy of itself to these addresses and
      loop over," Hypponen said. According to F-Secure's virus definition,
      the worm has a backdoor that listens on port 80 and can be used to
      connect to the computer and execute arbitrary programs.

      According to an alert from Sophos, the new variants also attempt to
      stop various security applications such as anti-virus and firewall
      software. "[They try] to rename files belonging to security
      applications (so they can no longer load), and to block access to a
      range of security-related websites by changing the Windows HOSTS
      file," the company warned.




      "Any Trojan horse which turns off your anti-virus or firewall can
      open you up to further attack, even by very old viruses," said
      Graham Cluley, senior technology consultant for Sophos. "My advice
      is keep your anti-virus automatically updated and always be
      suspicious of unsolicited email attachments."

      Trend Micro Inc. rates the new Bagle threat as "medium risk" and
      warned of a vicious worm-Trojan propagation cycle that uses mass-
      mailing techniques to distribute copies of the Trojan.

      DISINFECTION INSTRUCTIONS:


      Sophos offers clean-up help for removing Trojans.


      Symantec virus removal tools.


      McAfee's Stinger is a stand-alone utility used to detect and remove
      specific viruses. It is not meant to be a substitute for full anti-
      virus protection, but rather a tool to assist administrators and
      users when dealing with an infected system.


      Microsoft offers a Microsoft Windows Malicious Software Removal Tool
      that checks Windows XP, Windows 2000, and Windows Server 2003
      computers for and helps remove infections by specific, prevalent
      malicious software.

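
The HOSTS-file tampering that Sophos describes in the article above can be checked for on a suspect machine. The sketch below is an added example, not part of the original post or the eWEEK article; the watch list (domains of the vendors the article names) and the sample file are assumptions constructed for illustration, since the article does not list the blocked sites.

```python
import ipaddress

# Assumed watch list: domains of the vendors named in the article.
# The article does not say which sites the worm actually blocks.
WATCHED = ("sophos.com", "f-secure.com", "symantec.com",
           "mcafee.com", "trendmicro.com", "microsoft.com")

# Constructed sample HOSTS file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.sophos.com  sophos.com   # appended entry
0.0.0.0         update.symantec.com
10.1.2.3        intranet.example.local
127.0.0.1       notsophos.com.example.org
::1             download.mcafee.com
not-an-ip       f-secure.com
"""

def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed first field: not a usable mapping
    return ip.is_loopback or ip.is_unspecified

def is_watched(host, watched=WATCHED):
    """Match a watched domain or any subdomain of it, but not look-alike suffixes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def find_blocked(hosts_text, watched=WATCHED):
    """Return (line_no, address, hostname) for watched names mapped to a sinkhole."""
    hits = []
    for n, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        hits += [(n, fields[0], h) for h in fields[1:] if is_watched(h, watched)]
    return hits

if __name__ == "__main__":
    for n, addr, host in find_blocked(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {addr}")
```

On Windows the file normally lives at `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `find_blocked`.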