Bagle spreads new threat - PlanetSide Universe
PSU Social Facebook Twitter Twitter YouTube Steam TwitchTV
PlanetSide Universe
PSU: Going down faster than a whore on overtime
Home Forum Chat Wiki Social AGN PS2 Stats
Notices
Go Back   PlanetSide Universe > General Forums > The Lounge

 
 
Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
Old 2004-03-20, 03:05 AM   [Ignore Me] #1
1024
Contributor
Banned for no reason
 
1024's Avatar
 
Misc Info
Bagle spreads new threat


Originally Posted by ZDnet.com

The Bagle worm is exploiting an old Outlook flaw to spread even more quickly, while an ancient Trojan has gained a new name and a new lease of life.

Users no longer have to click on an attachment to spread the Bagle virus because the latest variants are exploiting an old flaw in Microsoft Outlook that allows the worm to spread even more quickly.

Until the appearance of Bagle variants Q, R and S, users had to click on an e-mailed attachment to be infected by the worm. However, these attachments were easily spotted by antivirus programs and eliminated. To fool antivirus software, the next batch of Bagles was sent with the attachment hidden insideinfected an encrypted Zip file, with the password to open the file contained in the e-mail's text. Antivirus companies dealt with this change within a few days, so in the next variant the password appeared in a small graphic file, making it more difficult to scan.






The latest Bagle incarnation has done away with the attachment altogether and spreads when a vulnerable user opens the e-mail using an unpatched version of Microsoft Outlook. If their Outlook preview pane is open, the victim's machine will be compromised automatically. Because of this change in tactics, experts fear the worm could spread very quickly.

Sophos's senior technology consultant, Graham Cluley, said: "This is a really sneaky, cunning trick. It's exploiting a five- or six-month-old Outlook security vulnerability so that just previewing an e-mail--not the attachment--in an unpatched copy of Outlook will result in the virus being dragged from an infected machine to your machine. This has the potential to spread very quickly because so many people, particularly home users, have not applied the patches."

Mikko Hypp�nen, director of antivirus research at F-Secure, told ZDNet UK that the latest variant uses a list of about 600 IP addresses, which all seem to be home computers connected to an ADSL service that have been infected by previous versions of Bagle. These "zombie" machines have been updated and are now used to send copies of the new worm to any computer on which the victim uses a vulnerable copy of Outlook to view an infected e-mail message.

Outlook uses elements of Internet Explorer to render the HTML for its preview pane, so to avoid the new Bagle worms, users should apply a patch for Internet Explorer that released in October 2003Microsoft .

New Bagle viruses are not the only problem brewing for Windows users. A new iteration of a Trojan horse with an unusually comprehensive set of features has also appeared.

Phatbot, also known as Agobot, is a powerful piece of malware that opens a back door on a computer and connects to its own peer-to-peer network of infected machines. Once a computer is infected and connected to this P2P network, the author of Phatbot has complete control over the computer and can use it for any number of malicious tasks.

"Phatbot is dangerous because it is so feature-rich that you can do anything--it's probably the largest back-door we have ever seen in terms of features. It has multitude of different methods of gaining access to a machine, including the back doors left by Bagle, MyDoom and Blaster. Phatbot is the Swiss army knife of Trojan horses," said Hypp�nen. "When it gains control of a machine, it connects to this P2P network that allows the virus writer to control and send commands to the infected hosts.

As a backup, it also uses an IRC channel. There are hundreds of different commands ranging from various types of DDoS attacks to stealing everything from the address book to deleting files and finding new hosts to infect."

However, Sophos's Cluley said Phatbot can be dealt with by regular antivirus software and may be garnering attention partly because of its new moniker. "We have seen lots of different versions of this Agobot, but someone started referring to it with the trendier name of Phatbot and now people have started getting excited about it," he said.
http://zdnet.com.com/2100-1105_2-5175172.html

uh-oh.
__________________


.
1024 is offline  
Reply With Quote
 
  PlanetSide Universe > General Forums > The Lounge

Bookmarks

Discord

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 08:48 PM.

Content © 2002-2013, PlanetSide-Universe.com, All rights reserved.
PlanetSide and the SOE logo are registered trademarks of Sony Online Entertainment Inc. © 2004 Sony Online Entertainment Inc. All rights reserved.
All other trademarks or tradenames are properties of their respective owners.
Powered by vBulletin
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.