Weekly report on viruses and intruders

Sep 07, 2004 Weekly Virus Report Comments (0)

This week's report on viruses and intruders looks at four threats: Bagle.AY, Bagle.AW, Bagle.AV and CodeBase.gen.

The AY, AW and AV variants of Bagle have been sent on a massive scale, via email, in a message with the subject: 'foto' and included in a zip file called either FOTO.ZIP or FOTO1.ZIP. This file contains an HTML file, along with a hidden EXE. When users open the HTML file, the EXE file is also executed.

Bagle.AY, Bagle.AW and Bagle.AV carry out a series of actions on the computers they infect including:

- Terminating processes if they are active in memory. The processes they terminate include those related to antivirus programs, preventing these applications from protecting against new viruses.

- They try to download a false JPG file from various websites, which is actually an executable (EXE) file. Once it is downloaded, these three variants of Bagle begin to spread.

CodeBase.gen on the other hand is a code included in the body of an email message or web page with the aim of exploiting the following security problems:

- Browser Cache Script Execution in My Computer Zone and Object Tag, detected in version 4.0 or later of Internet Explorer, and which also affects applications that use this browser (such as Outlook and Outlook Express). Both security problems could allow an attacker to run arbitrary code without permission when the user visits a malicious web page or opens a specially crafted HTML mail.

- Critical vulnerability in versions 5.04 and earlier of the Winamp multimedia player, which allows code to be run when a skin file is installed.

For further information about these and other computer threats, visit Panda Software's Virus Encyclopedia.

About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

Add a Comment

No messages on this article yet

Other Resources

About Us

Established in 1997, Manufacturing & Logistics IT Magazine (LogisticsIT.com) is the leading specialist IT solutions magazine and web-site covering all aspects of end-to-end supply chains within a wide range of vertical markets. The editorial content covers real live applications within collaborative supply chain environments and has contribution from leading vendors and research analysts. This provides our readers with an insight into how technological developments enable all kinds of businesses to operate effectively and efficiently.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter

Find us on Social Networks

Useful links

Weekly report on viruses and intruders

Add a Comment

Related Weekly Virus Report Articles

How to contact us

Other Resources

About Us

Find us on Social Networks

Useful links

Critical Issues

Technologies

Verticals

Weekly report on viruses and intruders

Add a Comment

Related Weekly Virus Report Articles

Let the news come to you!

How to contact us

Other Resources

About Us