By: Jeff Johnston
A new version of the Bagle virus family uses a different infection method than older versions. Bagle-R and Bagle-Q have both been reported to spread via email without an attachment. Sophos reports that this is an attempt to bypass virus protection at the email gateway.
Bagle exploits a security hole in MS Outlook Express that Microsoft released a patch for five months ago. Unfortunately, many people do not keep their computers up to date with the latest patches, which is why viruses like this are so successful. This particular strain attempts to download the virus via HTTP when the email is opened. The HTML within the email is coded to download and run a Visual Basic Script (VBS) from the virus server; the VBS then connects to the same server, downloads the executable virus, and runs it.
Like previous strains of Bagle, these new strains attempt to disable firewalls and antivirus software once they are run. They also send themselves to any address they find on the infected computer and disguise the sending information. According to Sophos, the virus is reported to have used the following subject lines:
Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks
RE: Text message
Re: Document
Incoming message
Re: Incoming Message
Re: Incoming Fax
Hidden message
Fax Message Received
Protected message
RE: Protected message
Forum notify
Request response
Site changes
Re: Hi
Encrypted document
The virus is not particularly damaging to the infected system, but it does put a huge load on email servers by continually propagating itself. The primary goal of this virus is to spread and survive. However, since the virus does disable antivirus software and firewalls, your system is at risk of other attacks and infections if you become infected.
Opening an email should not give the authority to download and execute a VBS; this is a major security threat, and Microsoft has acknowledged it as such. The patch from Microsoft is available at www.microsoft.com/technet/security/bulletin/MS03-040.mspx. It is recommended that you ensure that your system is fully patched and check on a regular basis for new security releases. Home Windows users can go to windowsupdate.microsoft.com and have their system scanned for any unapplied patches.
=====================
If you have a question for the monthly column Computer Geek email Jeff at: geek@bizwriter.biz
Jeff Johnston is a Computer Technician for The London Transit Commission in London Ontario. He is also a writer and editor in chief of The Business of Writing
Ask The Computer Geek can be read at Families On Line Magazine
=====================
Jeff Johnston
Freelance Writer & Computer Geek Extraordinaire
Editor-in-Chief
The Business of Writing
Writer
Families On-Line Magazine
NewsFactor
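For mail administrators, the traits described in the article (a reported subject line, no attachment, and an HTML body that points at a remote HTTP server) can be combined into a gateway triage check. The following is an added example, not part of the original post or any vendor's signature; the function name, the URL pattern and the sample messages are constructed assumptions, and because the subjects are common the result is a prompt for review rather than a verdict.

```python
import email
import re
from email import policy

# Subject lines Sophos reported for these strains, as listed in the article.
BAGLE_SUBJECTS = {s.lower() for s in (
    "Re: Msg reply", "Re: Hello", "Re: Yahoo!", "Re: Thank you!", "Re: Thanks",
    "RE: Text message", "Re: Document", "Incoming message",
    "Re: Incoming Message", "Re: Incoming Fax", "Hidden message",
    "Fax Message Received", "Protected message", "RE: Protected message",
    "Forum notify", "Request response", "Site changes", "Re: Hi",
    "Encrypted document",
)}

# Assumption: any absolute http:// URL in an HTML part counts as a remote reference.
REMOTE_REF = re.compile(r"""http://[^\s"'<>]+""", re.IGNORECASE)

def triage(raw: bytes) -> dict:
    """Flag attachment-less HTML mail with a reported subject and remote content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Collapse whitespace so folded headers compare equal to the list entries.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    has_attachment = any(True for _ in msg.iter_attachments())
    remote_urls = []
    for part in msg.walk():
        if part.get_content_type() == "text/html" and not part.is_attachment():
            remote_urls += REMOTE_REF.findall(part.get_content())
    subject_hit = subject in BAGLE_SUBJECTS
    return {
        "subject_hit": subject_hit,
        "has_attachment": has_attachment,
        "remote_urls": remote_urls,
        "quarantine": subject_hit and not has_attachment and bool(remote_urls),
    }

# Constructed sample messages (not captured traffic).
SAMPLE_SUSPECT = (
    b"From: a@example.invalid\r\nTo: b@example.invalid\r\n"
    b"Subject: Re: Incoming Fax\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n\r\n"
    b'<html><body><img src="http://host.example.invalid/x.gif"></body></html>\r\n'
)
SAMPLE_PLAIN = (
    b"From: a@example.invalid\r\nTo: b@example.invalid\r\n"
    b"Subject: Re: Thanks\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"Thanks for the notes.\r\n"
)
```
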