From: Panda Virus Alerts

- A new wave of malware with variants of Bagle and Mitglieder now threatens users -

Virus Alerts, by Panda Software (http://www.pandasoftware.es)

MADRID, March 1st, 2005 - In the last few hours, PandaLabs has detected the appearance of six variants (BN, BO, BP, BQ, BR and BS) of the Bagle email worm, as well as four variants (BO, BP, BQ and BR) of the Mitglieder Trojan. Of these, the most active at present are Bagle.BN and Mitglieder.BO. According to Panda Software's international tech support network, the latter is causing incidents in users' computers around the globe, and is already one of the viruses most frequently detected by Panda ActiveScan, the free online scanner.

Bagle.BN and Mitglieder.BO work hand-in-glove to spread as widely as possible. Mitglieder.BO reaches computers in an email message, in an attachment that could have names like price.zip or price2.zip. If a user runs this file, the Trojan activates and tries to connect to an Internet address from which it downloads the Bagle.BN worm onto the system. Once Bagle.BN is installed on a computer, it sends Mitglieder.BO to the addresses that it finds in a file called EML.EXE, which is also downloaded from the Internet. To do this the worm uses its own SMTP engine.

In addition, Mitglieder.BO terminates processes belonging to various antivirus and security programs, and overwrites the Windows 'hosts' file to prevent users from connecting to certain web pages.

"We are up against a similar wave of viruses to the one witnessed in 2004. It would seem that given the similarities that we have detected in the source code, the new Bagle and Mitglieder variants are the work of the same person or of an organized group. In fact, the whole process began with the massive, manual sending of thousands of emails infected with Mitglieder.BO.
Moreover, in order to confuse both antivirus vendors and users alike, a large number of variants have been created and circulated in a very short period of time. For this reason it is possible that new variants of both malicious codes will continue to appear over the next few hours", explains Luis Corrons, director of PandaLabs.

As Panda Software's International Tech Support has already detected incidents caused by the new malicious code, users are advised to take precautions and keep their antivirus software updated. Panda Software clients already have the updates available to detect and disinfect the new malicious code.

Panda Software's clients can already access the updates for installing the new TruPrevent(TM) Technologies along with their antivirus protection, providing a preventive layer of protection against new malicious code.

For users with a different antivirus program installed, Panda TruPrevent(TM) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. More information about TruPrevent(TM) Technologies at http://www.pandasoftware.com/truprevent.

Users can also scan and disinfect their computers using Panda ActiveScan, the free, online scanner available from: www.pandasoftware.com.

More information about the new variants of Bagle and Mitglieder is available from: http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR ***********

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages
http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member
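
The alert above says Mitglieder.BO overwrites the Windows 'hosts' file to keep users from reaching certain web pages. The following Python script is an added example, not part of the Panda alert or of Mike's message: it audits a hosts file for names pinned to a loopback or unspecified address. It assumes the blocking is done that way (the alert does not say what the Trojan writes), and the hostnames in the sample are constructed placeholders.

```python
import ipaddress
import sys

# Names that normally map to loopback in an untouched hosts file.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample; hostnames are placeholders, not taken from the alert.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example update.av-vendor.example
0.0.0.0         scan.av-vendor.example   # sinkholed
10.0.0.5        intranet.corp.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, names) for every well-formed mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield lineno, ip, [name.lower() for name in fields[1:]]

def blocked_names(text):
    """Return (line_number, ip, name) for names pinned to a dead-end address."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            findings += [(lineno, str(ip), n) for n in names if n not in BENIGN]
    return findings

if __name__ == "__main__":
    # Pass a hosts file path, e.g. %SystemRoot%\System32\drivers\etc\hosts
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for lineno, ip, name in blocked_names(text):
        print(f"line {lineno}: {name} -> {ip}")
```

A hosts file that was overwritten so that legitimate entries simply disappeared produces no findings here, so also compare the file against a known-good copy.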