| | |
New Worm Infects Without Attachment
![]() |
•
•
Join Date: Mar 2004
Posts: 54
Reputation:
Solved Threads: 5
By: Jeff Johnston
A new version of the Bagle virus family uses a different infection method then older versions. Bagle-R and Bagle-Q have both been reported to spread via email without an attachment. Sophos reports that this is an attempt to bypass virus protection at the email gateway.
Bagle exploits a security hole in MS Outlook Express that Microsoft released a patch for five month ago. Unfortunately many people do not keep their computer up to date with the latest patches, which is why viruses like this are so successful. This particular strain attempts to download the virus via HTTP when the email is opened. The method that is used is the HTML within the email is coded to download and run a VisualBasic Script on the virus server, then the VBS connects to the same server and downloads the executable virus and runs it.
Like previous strains of Bagle these new strains attempt to disable firewalls and antivirus software once they are run. They also send to any address they find on the infected computer and disguise the sending information. According to Sophos the virus is reported to have used the following subject lines:
Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks
RE: Text message
Re: Document
Incoming message
Re: Incoming Message
Re: Incoming Fax
Hidden message
Fax Message Received
Protected message
RE: Protected message
Forum notify
Request response
Site changes
Re: Hi
Encrypted document
The virus is not particularly damaging to the infected system, but it does put a huge load on email servers by continually propagating itself. The primary goal of this virus is to spread and survive. However since the virus does disable antivirus software and firwalls your system is at risk of other attacks and infections if you become infected.
Opening an email should not give the authority to download and execute a VBS, this is a major security threat, and Microsoft has acknowledged it as such. The patch from Microsoft is available at www.microsoft.com/technet/security/bulletin/MS03-040.mspx. It is recommended that you ensure that your system is fully patched and check on a regular basis for new security releases. Home Windows users can go to windowsupdate.microsoft.com and have their system scanned for any unapplied patches.
A new version of the Bagle virus family uses a different infection method then older versions. Bagle-R and Bagle-Q have both been reported to spread via email without an attachment. Sophos reports that this is an attempt to bypass virus protection at the email gateway.
Bagle exploits a security hole in MS Outlook Express that Microsoft released a patch for five month ago. Unfortunately many people do not keep their computer up to date with the latest patches, which is why viruses like this are so successful. This particular strain attempts to download the virus via HTTP when the email is opened. The method that is used is the HTML within the email is coded to download and run a VisualBasic Script on the virus server, then the VBS connects to the same server and downloads the executable virus and runs it.
Like previous strains of Bagle these new strains attempt to disable firewalls and antivirus software once they are run. They also send to any address they find on the infected computer and disguise the sending information. According to Sophos the virus is reported to have used the following subject lines:
Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks

RE: Text message
Re: Document
Incoming message
Re: Incoming Message
Re: Incoming Fax
Hidden message
Fax Message Received
Protected message
RE: Protected message
Forum notify
Request response
Site changes
Re: Hi
Encrypted document
The virus is not particularly damaging to the infected system, but it does put a huge load on email servers by continually propagating itself. The primary goal of this virus is to spread and survive. However since the virus does disable antivirus software and firwalls your system is at risk of other attacks and infections if you become infected.
Opening an email should not give the authority to download and execute a VBS, this is a major security threat, and Microsoft has acknowledged it as such. The patch from Microsoft is available at www.microsoft.com/technet/security/bulletin/MS03-040.mspx. It is recommended that you ensure that your system is fully patched and check on a regular basis for new security releases. Home Windows users can go to windowsupdate.microsoft.com and have their system scanned for any unapplied patches.
=====================
If you have a question for the monthly column Computer Geek email Jeff at: geek@bizwriter.biz
Jeff Johnston is a Computer Technician for The London Transit Commission in London Ontario. He is also a writer and editor in chief of The Business of Writing
Ask The Computer Geek can be read at Families On Line Magazine
=====================
Jeff Johnston
Freelance Writer & Computer Geek Extraodinare
Editor-in-Chief
The Business of Writing
Writer
Families On-Line Magazine
NewsFactor
If you have a question for the monthly column Computer Geek email Jeff at: geek@bizwriter.biz
Jeff Johnston is a Computer Technician for The London Transit Commission in London Ontario. He is also a writer and editor in chief of The Business of Writing
Ask The Computer Geek can be read at Families On Line Magazine
=====================
Jeff Johnston
Freelance Writer & Computer Geek Extraodinare
Editor-in-Chief
The Business of Writing
Writer
Families On-Line Magazine
NewsFactor
![]() |
Similar Threads
- News Story: Windows worm infects millions (Viruses, Spyware and other Nasties)
- Windows Vista, AVG I-Worm/Nuwar.U (Viruses, Spyware and other Nasties)
- W 32 spybot worm on vista 64 bit (Windows Vista and Windows 7)
- Isass.exe unable to initialise (Troubleshooting Dead Machines)
- can't stay on line (Viruses, Spyware and other Nasties)
- Microsoft SQL Server 2000 Exploit! (MS SQL)
Other Threads in the IT Professionals' Lounge Forum
- Previous Thread: Still No Deal for Microsoft and European Union
- Next Thread: Sun's 3d Desktop Environment
| Thread Tools | Search this Thread |
1gbit advertising advice amazon archive british broadband business businessprocesses career carrier censorship cern china cio collectiveintelligence connectivity consumer consumers corporateearnings datatransfer debtcollectors dictionary digg digital ebay ecommerce email employment environment facebook food government grid high-definition hottub infodelivery infotech intel internet interview ipod isp japan kindle lhc library malware marketing mit moonfruit news onlineshopping piracy piratebay pope porn program r&d religion remoteworking research retail security sex shopping simple skype smallbusiness smb sms socialmedia socialnetworking software softwareengineer spam speed spending startrek statistics stocks study stumbleupon survey tabletpc technology touch-screen touchscreen twitter uk videoinprint voips web webdeveloper windows words





