[virusinfo] [A new wave of malware with variants of Bagle and Mitglieder now threatens users - 03/01/05]

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Wed, 02 Mar 2005 19:41:48 -0800

From: Panda Virus Alerts:

- A new wave of malware with variants of Bagle
                    and Mitglieder now threatens users -
     Virus Alerts, by Panda Software (http://www.pandasoftware.es)

MADRID, March 1st, 2005 - In the last few hours, PandaLabs has detected the
appearance of six variants (BN, BO, BP, BQ, BR and BS) of the Bagle email
worm, as well as four variants (BO, BP, BQ and BR) of the Mitglieder Trojan.
Of these, the most active at present are Bagle.BN and Mitglieder.BO.
According to Panda Software's international tech support network, the latter
is causing incidents in users' computers around the globe, and is already
one of the viruses most frequently detected by Panda ActiveScan, the free
online scanner. 

Bagle.BN and Mitglieder.BO work hand-in-glove to spread as widely as
possible. Mitglieder.BO reaches computers in an email message, in an
attachment that could have names like price.zip or price2.zip. If a user
runs this file, the Trojan activates and tries to connect to an Internet
address from which it downloads the Bagle.BN worm onto the system. Once
Bagle.BN is installed on a computer, it sends Mitglieder.BO to the addresses
that it finds in a file called EML.EXE, which is also downloaded from the
Internet. To do this the worm uses its own SMTP engine.

In addition, Mitglieder.BO terminates processes belonging to various
antivirus and security programs, and overwrites the Windows 'hosts' file to
prevent users from connecting to certain web pages. 

"We are up against a similar wave of viruses to the one witnessed in 2004.
It would seem that given the similarities that we have detected in the
source code, the new Bagle and Mitglieder variants are the work of the same
person or of an organized group. In fact, the whole process began with the
massive, manual sending of thousands of emails infected with Mitglieder.BO.
Moreover, in order to confuse both antivirus vendors and users alike, a
large number of variants have been created and circulated in a very short
period of time. For this reason it is possible that new variants of both
malicious codes will continue to appear over the next few hours", explains
Luis Corrons, director of PandaLabs.

As Panda Software's International Tech Support has already detected
incidents caused by the new malicious code, users are advised to take
precautions and keep their antivirus software updated. Panda Software
clients already have the updates available to detect and disinfect the new
malicious code.

Panda Software's clients can already access the updates for installing the
new TruPrevent(TM) Technologies along with their antivirus protection,
providing a preventive layer of protection against new malicious code. For
users with a different antivirus program installed, Panda TruPrevent(TM)
Personal is the perfect solution, as it is both compatible with and
complements these products, providing a second layer of preventive
protection that acts while the new virus is still being studied and the
corresponding update is incorporated into traditional antivirus programs,
decreasing the risk of infection. More information about TruPrevent(TM)
Technologies at http://www.pandasoftware.com/truprevent.

Users can also scan and disinfect their computers using Panda ActiveScan,
the free, online scanner available from: www.pandasoftware.com. 

More information about the new variants of Bagle and Mitglieder is available
from: http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
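
Added example (not part of the original alert or of Panda's material): the alert says Mitglieder.BO overwrites the Windows 'hosts' file to block certain web pages, so this Python sketch audits a hosts file for names pinned to loopback or unspecified addresses. The alert does not list the blocked sites; the sample entries and the BENIGN_NAMES allow-list are constructed assumptions.

```python
import ipaddress

# Names that legitimately point at loopback in a default hosts file (assumed allow-list).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input. On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts. All domains are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example.com www.av-vendor.example.com  # injected
0.0.0.0         scan.security.example.net
192.0.2.10      intranet.example.com
not-an-ip       broken.example.com
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(entry) < 2:
            continue                           # blank, comment-only, or no hostname
        addr_text, names = entry[0], entry[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, names[0], "unparseable address"))
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            continue                           # ordinary static mapping
        for name in names:                     # one line can pin several names
            if name.lower() not in BENIGN_NAMES:
                findings.append((line_no, addr_text, name.lower(), "sinkholed"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Hosts files maintained on purpose for ad or tracker blocking produce the same findings, so compare the output against a known-good copy before treating an entry as tampering.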


