Bagle spreads new threat - PlanetSide Universe
Old 2004-03-20, 03:05 AM   [Ignore Me] #1
1024
Contributor
Banned for no reason
 
Bagle spreads new threat


Originally Posted by ZDnet.com

The Bagle worm is exploiting an old Outlook flaw to spread even more quickly, while an ancient Trojan has gained a new name and a new lease of life.

Users no longer have to click on an attachment to spread the Bagle virus because the latest variants are exploiting an old flaw in Microsoft Outlook that allows the worm to spread even more quickly.

Until the appearance of Bagle variants Q, R and S, users had to click on an e-mailed attachment to be infected by the worm. However, these attachments were easily spotted by antivirus programs and eliminated. To fool antivirus software, the next batch of Bagles was sent with the attachment hidden inside an encrypted Zip file, with the password to open the file contained in the e-mail's text. Antivirus companies dealt with this change within a few days, so in the next variant the password appeared in a small graphic file, making it more difficult to scan.






The latest Bagle incarnation has done away with the attachment altogether and spreads when a vulnerable user opens the e-mail using an unpatched version of Microsoft Outlook. If their Outlook preview pane is open, the victim's machine will be compromised automatically. Because of this change in tactics, experts fear the worm could spread very quickly.

Sophos's senior technology consultant, Graham Cluley, said: "This is a really sneaky, cunning trick. It's exploiting a five- or six-month-old Outlook security vulnerability so that just previewing an e-mail--not the attachment--in an unpatched copy of Outlook will result in the virus being dragged from an infected machine to your machine. This has the potential to spread very quickly because so many people, particularly home users, have not applied the patches."

Mikko Hyppönen, director of antivirus research at F-Secure, told ZDNet UK that the latest variant uses a list of about 600 IP addresses, which all seem to be home computers connected to an ADSL service that have been infected by previous versions of Bagle. These "zombie" machines have been updated and are now used to send copies of the new worm to any computer on which the victim uses a vulnerable copy of Outlook to view an infected e-mail message.

Outlook uses elements of Internet Explorer to render the HTML for its preview pane, so to avoid the new Bagle worms, users should apply a patch for Internet Explorer that Microsoft released in October 2003.

New Bagle viruses are not the only problem brewing for Windows users. A new iteration of a Trojan horse with an unusually comprehensive set of features has also appeared.

Phatbot, also known as Agobot, is a powerful piece of malware that opens a back door on a computer and connects to its own peer-to-peer network of infected machines. Once a computer is infected and connected to this P2P network, the author of Phatbot has complete control over the computer and can use it for any number of malicious tasks.

"Phatbot is dangerous because it is so feature-rich that you can do anything--it's probably the largest back-door we have ever seen in terms of features. It has multitude of different methods of gaining access to a machine, including the back doors left by Bagle, MyDoom and Blaster. Phatbot is the Swiss army knife of Trojan horses," said Hyppönen. "When it gains control of a machine, it connects to this P2P network that allows the virus writer to control and send commands to the infected hosts. As a backup, it also uses an IRC channel. There are hundreds of different commands ranging from various types of DDoS attacks to stealing everything from the address book to deleting files and finding new hosts to infect."

However, Sophos's Cluley said Phatbot can be dealt with by regular antivirus software and may be garnering attention partly because of its new moniker. "We have seen lots of different versions of this Agobot, but someone started referring to it with the trendier name of Phatbot and now people have started getting excited about it," he said.
http://zdnet.com.com/2100-1105_2-5175172.html

uh-oh.
Old 2004-03-20, 10:09 AM   [Ignore Me] #2
Onizuka
Lieutenant General
 
Ah, shit.
Old 2004-03-20, 10:53 AM   [Ignore Me] #3
Infernus
Lieutenant General
 
that sounds nasty...
Old 2004-03-20, 12:17 PM   [Ignore Me] #4
worldvengence
Second Lieutenant
 
DAMNIT...im starting a campaign to kill the fuckers who dont have anything better to do than mess up honest ppls computers..whos with me? pussy ass bastards /rant off
Old 2004-03-20, 12:57 PM   [Ignore Me] #5
Everay
Major General
 
eh, <----- not scared, just keep patchin, and keep that anti virus runnin.
Old 2004-03-20, 01:01 PM   [Ignore Me] #6
Spee
Colonel
 
/me grabs cream cheese.
Old 2004-03-20, 01:05 PM   [Ignore Me] #7
worldvengence
Second Lieutenant
 
was waiting for someone to make that joke
Old 2004-03-20, 01:34 PM   [Ignore Me] #8
Dharkbayne
Lieutenant General
 
I just check my emails via MSN IM, no outlook for me, I have it, too lazy to set the mofugger up.
Old 2004-03-20, 05:21 PM   [Ignore Me] #9
Infernus
Lieutenant General
 
Originally Posted by Dharkbayne
I just check my emails via MSN IM, no outlook for me, I have it, too lazy to set the mofugger up.
heh... same here... why use outlook when you could use... ... ... ...something else...
Old 2004-03-20, 09:57 PM   [Ignore Me] #10
worldvengence
Second Lieutenant
 
Outlook Express....meh, it was already set up for me when i installed the DSL software
Old 2004-03-21, 01:23 AM   [Ignore Me] #11
martyr
Contributor
Brigadier General
 
i can't wait to start removing these things from stupid peoples' computers.
Old 2004-03-21, 10:14 AM   [Ignore Me] #12
AztecWarrior
Lightbulb Collector
 
OH GNOS!!!!111

Looks like I'll just have to switch to Netscape e-mail. Sucks to be you IE users right now, doesn't it?
Old 2004-03-21, 12:37 PM   [Ignore Me] #13
ZeusCali
Major
 


mac doesn't get viruses :-D and i never am dumb enjoy to open any emails on my flawed PC micronuts version CE ME NT
All times are GMT -5. The time now is 08:52 PM.
