LATEST EMAIL VIRUS
Latest Bagle Worm Attacks with Trojan Horse
By Ryan Naraine
March 1, 2005
Anti-virus vendors are raising the alarm over another batch of Bagle
worm mutants crawling through e-mail networks.
The latest variants have been equipped with Trojan horse downloaders
and new propagation techniques that have led to wide distribution,
according to a warning from Lynnfield, Mass.-based Sophos Inc.
Anti-virus research company F-Secure Inc. has so far
counted two different Bagle variants attempting to distribute four
downloaders via e-mail.
Mikko Hypponen, director of anti-virus research at F-Secure, noticed
the new variants also using a client/server architecture to spread.
Normally, Bagle variants search local hard drives of infected
machines to harvest e-mail addresses, but Hypponen said the new
variants connect to a Web back-end server capable of generating
unique e-mail addresses.
"The virus will then send a copy of itself to these addresses and
loop over," Hypponen said. According to F-Secure's virus definition,
the worm has a backdoor that listens on port 80 and can be used to
connect to the computer and execute arbitrary programs.
According to an alert from Sophos, the new variants also attempt to
stop various security applications such as anti-virus and firewall
software. "[They try] to rename files belonging to security
applications (so they can no longer load), and to block access to a
range of security-related websites by changing the Windows HOSTS
file," the company warned.
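The HOSTS-file change Sophos describes can be checked for directly. The following is an added example, not code from the article or from any vendor it quotes: it audits the text of a HOSTS file for entries that redirect or pin security-vendor names. The watch list is an assumption built from the vendors named in this article, since the alert does not say which sites are blocked, and the sample file is constructed.

```python
import ipaddress

# Assumed watch list (vendors named in this article); extend for real use.
WATCHED = ("sophos.com", "f-secure.com", "symantec.com",
           "mcafee.com", "trendmicro.com", "microsoft.com")

def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.1, 0.0.0.0, ::1)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal, so not a sinkhole address
    return ip.is_loopback or ip.is_unspecified

def is_watched(host):
    """Match a watched domain itself or any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each suspicious entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]    # one address, one or more names
        for name in names:
            if is_watched(name):
                # A loopback/0.0.0.0 mapping blocks the site outright; any
                # other static mapping still overrides DNS and needs review.
                reason = "sinkholed" if is_sinkhole(addr) else "pinned"
                findings.append((no, addr, name.lower(), reason))
    return findings

# Constructed sample input, not taken from an infected machine.
SAMPLE = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1   www.sophos.com
0.0.0.0 update.symantec.com WWW.F-Secure.COM
10.1.2.3    intranet.example.local
192.0.2.10  download.mcafee.com
# 127.0.0.1 www.trendmicro.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows XP, 2000 and Server 2003 the file to feed into `audit_hosts` is normally `%SystemRoot%\System32\drivers\etc\hosts`.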
"Any Trojan horse which turns off your anti-virus or firewall can
open you up to further attack, even by very old viruses," said
Graham Cluley, senior technology consultant for Sophos. "My advice
is keep your anti-virus automatically updated and always be
suspicious of unsolicited email attachments."
Trend Micro Inc. rates the new Bagle threat as "medium risk" and
warned of a vicious worm-Trojan propagation cycle that uses mass-
mailing techniques to distribute copies of the Trojan.
Sophos offers clean-up help for removing Trojans.
Symantec virus removal tools.
McAfee's Stinger is a stand-alone utility used to detect and remove
specific viruses. It is not meant to be a substitute for full anti-
virus protection, but rather a tool to assist administrators and
users when dealing with an infected system.
Microsoft offers a Microsoft Windows Malicious Software Removal Tool
that checks Windows XP, Windows 2000, and Windows Server 2003
computers for and helps remove infections by specific, prevalent