User Name Password Register
DaniWeb IT Discussion Community
All
What is DaniWeb IT Discussion Community?
You're currently browsing the Windows Users Lounge section within the Tech Talk category of DaniWeb, a massive community of 426,916 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,329 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Windows Users Lounge advertiser: Programming Forums
Views: 2923 | Replies: 1
Reply
Join Date: Mar 2004
Location: London, Ontario, Canada
Posts: 54
Reputation: TheComputerGeek will become famous soon enough TheComputerGeek will become famous soon enough 
Rep Power: 6
Solved Threads: 5
TheComputerGeek TheComputerGeek is offline Offline
Junior Poster in Training

News New Worm Infects Without Attachment

  #1  
Mar 22nd, 2004
By: Jeff Johnston

A new version of the Bagle virus family uses a different infection method then older versions. Bagle-R and Bagle-Q have both been reported to spread via email without an attachment. Sophos reports that this is an attempt to bypass virus protection at the email gateway.

Bagle exploits a security hole in MS Outlook Express that Microsoft released a patch for five month ago. Unfortunately many people do not keep their computer up to date with the latest patches, which is why viruses like this are so successful. This particular strain attempts to download the virus via HTTP when the email is opened. The method that is used is the HTML within the email is coded to download and run a VisualBasic Script on the virus server, then the VBS connects to the same server and downloads the executable virus and runs it.

Like previous strains of Bagle these new strains attempt to disable firewalls and antivirus software once they are run. They also send to any address they find on the infected computer and disguise the sending information. According to Sophos the virus is reported to have used the following subject lines:

Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks
RE: Text message
Re: Document
Incoming message
Re: Incoming Message
Re: Incoming Fax
Hidden message
Fax Message Received
Protected message
RE: Protected message
Forum notify
Request response
Site changes
Re: Hi
Encrypted document

The virus is not particularly damaging to the infected system, but it does put a huge load on email servers by continually propagating itself. The primary goal of this virus is to spread and survive. However since the virus does disable antivirus software and firwalls your system is at risk of other attacks and infections if you become infected.

Opening an email should not give the authority to download and execute a VBS, this is a major security threat, and Microsoft has acknowledged it as such. The patch from Microsoft is available at www.microsoft.com/technet/security/bulletin/MS03-040.mspx. It is recommended that you ensure that your system is fully patched and check on a regular basis for new security releases. Home Windows users can go to windowsupdate.microsoft.com and have their system scanned for any unapplied patches.

=====================
If you have a question for the monthly column Computer Geek email Jeff at: geek@bizwriter.biz
Jeff Johnston is a Computer Technician for The London Transit Commission in London Ontario. He is also a writer and editor in chief of The Business of Writing

Ask The Computer Geek can be read at Families On Line Magazine
=====================

Jeff Johnston
Freelance Writer & Computer Geek Extraodinare

Editor-in-Chief
The Business of Writing

Writer
Families On-Line Magazine
NewsFactor
AddThis Social Bookmark Button
Reply With Quote  
Join Date: Mar 2004
Location: Purmerend, Holland (near Amsterdam)
Posts: 381
Reputation: Yzk is an unknown quantity at this point 
Rep Power: 5
Solved Threads: 14
Yzk's Avatar
Yzk Yzk is offline Offline
Posting Whiz

Re: New Worm Infects Without Attachment

  #2  
Mar 22nd, 2004
I've already catched this one. I really don't like the guys who create those little buggers. I took me 4 hours to get rid of it. Late in the evening, I was VERY grumpy the next morning when I figured it was still there. Because I also caught, Trojan_SCthought_B.
- Yzk
Reply With Quote  
Reply

Only community members can participate in forum threads. You must register or log in to contribute.

DaniWeb Windows Users Lounge Marketplace
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 

Thread Tools Display Modes

Similar Threads
Other Threads in the Windows Users Lounge Forum

All times are GMT -4. The time now is 11:40 am.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC