A new and dangerous DC variant of the Mitglieder family of
Trojans (also called Bagle.BO or BagleDI-Q) has been sent as
spam to thousands of users around the world. Mitglieder.DC blocks
memory processes belonging to a range of antivirus and IT security
applications, leaving the computer unprotected against other
attacks. Over the last few hours, detections have been increasing
progressively because this malware is being mass-mailed, which is a
technique aimed at increasing the number of detections.
As this malicious code cannot spread by itself, Mitglieder.DC
reaches computers in a series of highly variable email messages.
For the same reason, this malicious code can be distributed
through numerous channels: storage devices, Internet downloads,
P2P networks, etc.
If a user runs the file that contains Mitglieder.DC, the Trojan,
in addition to blocking security applications that could be running,
tries to connect to numerous Internet addresses, from which
it downloads and runs the osa.gif file. This file in turn contains
Downloader.CYB, a Trojan designed to download all types of
malware onto the computers that it infects.
CNET News claims that Mitglieder.DC is very dangerous due
to the fact that "in its multiple staged approach, viruses
seed their victims, then disarm them, and then finally exploit
them."
"Malware creators try to distribute their creations
rapidly to prevent users from having time to update their
antivirus solutions. They're trying to exploit the 'vulnerability
window', i.e. the time that it takes between new malware
appearing and users installing the updates on their computers",
explains Luis Corrons. "New techniques are frequently
being used in order to spread malware as rapidly as possible.
So for example, as in this case, thousands of infected mails
could be sent simultaneously as spam, or numerous variations
can be launched at the same time. Another frequently used
system is to exploit software vulnerabilities, as was the
case with Sasser, infecting millions of computers last year."
How can users protect against these types of attacks?
The answer lies with ArmourPlate. Since viruses are usually
more prevalent and more damaging to networks than hackers
and crackers are, e-mail users should be instructed to be
exceedingly careful about the attachments they open, especially
those from unknown sources. While this will help with the
vast majority of e-mail-borne malicious code, organizations
can eliminate the risk of opening infected files completely
by ensuring that they have antivirus protection such as ArmourPlate
in place.
ArmourPlate stops viruses dead before they even get a chance
to reach an organization's networks, by using three respected
antivirus software suites and its own proprietary technology
that detects and stops new viruses that have not yet been
discovered.
In short, ArmourPlate would work alongside your existing
systems to safeguard your company's internal network, protecting
it from malicious virus and email attacks and from clogging with spam,
which causes costly downtime. Through both in-bound and out-bound
scanning, your professional reputation with your staff, clients,
partners and peers is protected. ArmourPlate is brought to
you with outstanding recommendations and eliminates the need for
organizations to worry, creating complete peace of mind.
Source: CNET and Antivirus World