New Worm Infects Without Attachment

Expand Post »

By: Jeff Johnston

A new version of the Bagle virus family uses a different infection method then older versions. Bagle-R and Bagle-Q have both been reported to spread via email without an attachment. Sophos reports that this is an attempt to bypass virus protection at the email gateway.

Bagle exploits a security hole in MS Outlook Express that Microsoft released a patch for five month ago. Unfortunately many people do not keep their computer up to date with the latest patches, which is why viruses like this are so successful. This particular strain attempts to download the virus via HTTP when the email is opened. The method that is used is the HTML within the email is coded to download and run a VisualBasic Script on the virus server, then the VBS connects to the same server and downloads the executable virus and runs it.

Like previous strains of Bagle these new strains attempt to disable firewalls and antivirus software once they are run. They also send to any address they find on the infected computer and disguise the sending information. According to Sophos the virus is reported to have used the following subject lines:

Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks

RE: Text message
Re: Document
Incoming message
Re: Incoming Message
Re: Incoming Fax
Hidden message
Fax Message Received
Protected message
RE: Protected message
Forum notify
Request response
Site changes
Re: Hi
Encrypted document

The virus is not particularly damaging to the infected system, but it does put a huge load on email servers by continually propagating itself. The primary goal of this virus is to spread and survive. However since the virus does disable antivirus software and firwalls your system is at risk of other attacks and infections if you become infected.

Opening an email should not give the authority to download and execute a VBS, this is a major security threat, and Microsoft has acknowledged it as such. The patch from Microsoft is available at www.microsoft.com/technet/security/bulletin/MS03-040.mspx. It is recommended that you ensure that your system is fully patched and check on a regular basis for new security releases. Home Windows users can go to windowsupdate.microsoft.com and have their system scanned for any unapplied patches.

Similar Threads

Windows worm infects millions in Viruses, Spyware and other Nasties
Windows Vista, AVG I-Worm/Nuwar.U in Viruses, Spyware and other Nasties
W 32 spybot worm on vista 64 bit in Windows Vista and Windows 7
Isass.exe unable to initialise in Troubleshooting Dead Machines
can't stay on line in Viruses, Spyware and other Nasties

TheComputerGeek

Reputation Points: 89

Solved Threads: 5

Junior Poster in Training

Offline

53 posts
since Mar 2004

Permalink

Mar 22nd, 2004

Re: New Worm Infects Without Attachment

I've already catched this one. I really don't like the guys who create those little buggers. I took me 4 hours to get rid of it. Late in the evening, I was VERY grumpy the next morning when I figured it was still there. Because I also caught, Trojan_SCthought_B.

Yzk

Reputation Points: 82

Solved Threads: 14

Posting Whiz

Offline

380 posts
since Mar 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in IT Professionals' Lounge Forum Timeline: Still No Deal for Microsoft and European Union

Next Thread in IT Professionals' Lounge Forum Timeline: Sun's 3d Desktop Environment

DaniWeb Message

Cancel Changes

User Name
Password