Computer Virus Warning

Status
Not open for further replies.

Desertdog

Member
Joined
Dec 26, 2002
Messages
1,980
Location
Ridgecrest Ca
Two stories on a new computer virus.

Bagle computer virus unleashed
http://www.ananova.com/news/story/sm_857408.html

Computer users are being warned about a new virus which has spread at "an alarming rate".

Internet security firm MessageLabs says it has detected more than 70,000 copies of the W32/Bagle-mm virus in the past 24 hours.

The computer virus, or worm, is contained in infected emails as an attachment.

The aim of the worm is to spread further by looking for new email addresses in the infected computer, such as in the user's list of contacts.

Experts at MessageLabs say it appears the worm is also programmed to send details about all infected computers to website addresses in Germany, though the sites do not yet appear to be up and running.

Paul Wood, chief information security analyst at the firm, said: "We have seen over 73,000 copies of Bagle, and this number is rising at an alarming rate."

Infected emails include a file attachment ending .exe and the word "hi" in the subject line. The message contains the word "test" followed by the symbol =).

Analysis shows the worm has a cut-off date of January 28, a ploy used by hackers in the past to avoid detection. The advice to users is to ensure they update their anti-virus software on a regular basis.


2nd Virus story.

Story filed: 15:15 Monday 19th January 2004

New Worm Attacks Windows Computers
Mon Jan 19, 6:38 PM
http://news.yahoo.com/newstmpl=stor...040119/tc_washpost/a29926_2004jan19&printer=1

By Brian Krebs, washingtonpost.com Staff Writer

A new Internet worm that spread through Asia, Australia and Europe on Monday is expected to take hold in the United States on Tuesday as people go back to work after the Martin Luther King Jr. holiday.

The "Bagle" or "Beagle" worm arrives as an attachment to an e-mail with the subject line "Hi" and "test : )" in the body text. The worm is activated when a user clicks on the attached file.


Once the attachment is opened, the worm tries to send copies of itself to all of the e-mail addresses that it finds on the victim's computer, faking the return address with one randomly generated from those sifted from the infected PC. It also installs a program that lets attackers connect to infected machines, install malicious software or steal files.


The worm probably is the precursor to more evolved versions that could wreak havoc with small business and home Internet users, computer security experts said.


Carey Nachenberg, chief architect of Symantec Research Labs in Cupertino, Calif., said he expects the worm to continue its rapid spread as more Americans begin sorting through the e-mail that piled up in their in-boxes following the three-day weekend.


"This is coming on hard and fast, and that's usually a bad sign going into a shortened work week," Nachenberg said.


Bagle has spread to computers in more than 100 countries, according to MessageLabs, an e-mail security company in New York City.


FBI officials did not return telephone calls seeking comment on whether law enforcement authorities are investigating the worm's origins.


Bagle also tries to download an unknown program from one of more than 30 Web sites located mostly in Germany and Russia. None of those Web sites was reachable as of Monday afternoon.


A German Internet service provider that hosted one of the Web sites recorded nearly 1 million different Internet addresses trying to connect to the site within a 24 hour period, indicating that as many as a million computers have been infected so far, said Tony Magallanez, a systems engineer for F-Secure Inc., in San Jose, Calif.


Magallanez said Bagle might be laying the groundwork for an updated version of the worm when the first version self-destructs as it is designed to do after Jan 28.


This is what happened with "Sobig," a worm that infected millions of PCs last year. The first version of Sobig appeared in January 2003, with new variants following soon after each previous version shut itself down. Sobig used backdoors installed from prior versions of itself to seed hundreds of thousands of computers with software that turned them into remotely controlled spamming machines. Security experts said that Bagle is not spreading as fast as the Sobig virus, though it has generated a high volume of e-mail.


Like the earlier worms, Bagle does not affect Macs or computers running the Linux and Unix operating systems.


Security researchers initially were baffled at the speed of the worm, said Ken Dunham, malicious code manager for iDefense, an Internet security firm based in Reston, Va.


They attributed the worm's high infection rate to curious home and small office computer users who could not resist clicking on the attachment. When users open the attachment it launches the calculator function included on the Windows operating system, a diversion to keep people from realizing that something else is happening to their computer.


"Bagle expands the common understanding of social engineering to include the component of curiosity," said Dunham. "... It just shows that the old tricks still work just fine and you don't have to be that brilliant of an attacker to spread a mass-mailing worm."


Larger corporations are not expected to suffer as much damage because they use current anti-virus software and firewalls to block e-mail messages bearing executable files.


The computer security community recommends that home computer owners never click on attachments unless they are expecting them from a trusted source. They also recommend that PC owners install and run up-to-date anti-virus programs to scan for computer infections.
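
The second article notes that larger organisations block e-mail messages bearing executable files. A sketch of that kind of gateway check follows, added here as an illustration and not part of the original post or the quoted articles; the extension list, the function names and the sample messages are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist for illustration; a real gateway policy would be broader.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def executable_attachments(raw_message):
    """Return reasons to quarantine a raw message; an empty list means pass."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        # The file name is what the articles describe: an attachment ending .exe.
        if name.endswith(BLOCKED_EXTENSIONS):
            reasons.append("blocked extension: " + name)
        # A renamed Windows executable still begins with the "MZ" signature.
        elif payload[:2] == b"MZ":
            reasons.append("executable header in: " + (name or "<unnamed>"))
    return reasons


def build_sample(filename, data):
    """Constructed message with the subject and body text the articles quote."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Hi"
    m.set_content("test =)")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


# Harmless constructed stub: only the two signature bytes, not a program.
STUB = b"MZ" + b"\x00" * 16

if __name__ == "__main__":
    for fname, data in [("note.exe", STUB), ("photo.jpg", STUB),
                        ("notes.txt", b"plain text")]:
        print(fname, "->", executable_attachments(build_sample(fname, data)))
```

Checking the content signature as well as the name catches an executable that has simply been given a harmless-looking extension.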
 