Bagle strikes again

By Shawna McAlearney, News Editor
31 Aug 2004 | SearchSecurity.com


A new variant of the Bagle worm is gaining traction in the wild this afternoon, with more than 11,000 interceptions identified within the first few hours of its spread, according to Reston, Va.-based iDefense. Antivirus vendors are working to update signatures, but blocking .zip files eliminates the threat.

"To stop this worm block all .zip files and be wary of e-mails with the subject, message or attachment related to 'foto' or 'foto.zip,'" said Ken Dunham, director of malicious code at iDefense. "If the user opens the seemingly harmless HTML file the worm attempts to install itself on the local computer."

According to iDefense, Bagle-AQ uses a .zip attachment containing an HTML file that attempts to exploit Internet Explorer systems vulnerable to the object-data flaw. It attempts to install a copy of itself in the Windows System directory, mass-mails copies of itself, and modifies the Windows registry so that it starts on reboot. It also attempts to download code from 131 different URLs, none of which hosted code at the time of this writing.

E-mails look like this:

Subject: foto
Message body: foto
Attachment: fotos.zip, which contains foto.html and foto.exe.

TruSecure, an MSSP in Reston, Va., recommends other steps to mitigate future outbreaks of Bagle and other malicious code. "Disable HTML in mail either by filtering at mail perimeter or at the mail client." The vendor is a proponent of blocking .zip files and said that enterprises that do so greatly reduce their risk. Other methods to reduce such risk include: scanning inside of .zip files; restricting access to AOL and Web mail; using desktop antivirus scanners for all files on disk access; using security awareness training; renaming the file name extension for .zip files before transmission; and restricting sharing of whole drives and minimizing folder sharing to valid business purposes. Also, restricting outbound SMTP to designated mail servers eliminates the risk of infected internal hosts using SMTP outbound to further spread the infection.
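The following is an added example, not code from the article, iDefense or TruSecure. It shows how a mail-perimeter filter could apply the checks described above to a parsed message: flag .zip attachments under a block-all-zip policy, scan inside the archive for HTML and executable members, and match the Bagle-AQ lure indicators the article lists (subject and body "foto", attachment "fotos.zip" holding foto.html and foto.exe). The sample messages, function names and the "quarantine" middle verdict are constructed for this example; the archive members are harmless placeholder bytes, not the worm.

```python
# Added example (not from the article or the vendors it quotes): a gateway-style
# triage function that applies the article's recommended checks to one message.
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Indicators taken from the article's description of the Bagle-AQ lure.
INDICATOR_TERMS = ("foto",)
# Extensions treated as risky inside archives or as bare attachments (assumption).
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".html", ".htm")


def build_sample_message() -> bytes:
    """Constructed message with the lure shape from the article (placeholder content)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "foto"
    msg.set_content("foto")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("foto.html", "<html><body>placeholder</body></html>")
        zf.writestr("foto.exe", b"PLACEHOLDER-NOT-A-REAL-EXECUTABLE")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="fotos.zip")
    return msg.as_bytes()


def build_benign_message() -> bytes:
    """Constructed plain-text message with no attachment, for contrast."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes from this morning are in the shared folder.")
    return msg.as_bytes()


def inspect_zip(name: str, payload: bytes) -> list:
    """Look inside a zip attachment (the 'scan inside .zip files' control)."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            members = [m.lower() for m in zf.namelist()]
    except zipfile.BadZipFile:
        return [f"attachment '{name}' is not a readable zip; treat as suspicious"]
    for m in members:
        if m.endswith(RISKY_EXTENSIONS):
            findings.append(f"zip '{name}' contains risky member {m}")
        if any(term in m for term in INDICATOR_TERMS):
            findings.append(f"zip member '{m}' matches indicator")
    has_html = any(m.endswith((".html", ".htm")) for m in members)
    has_exe = any(m.endswith(".exe") for m in members)
    if has_html and has_exe:
        findings.append(f"zip '{name}' pairs an HTML file with an executable (Bagle-AQ lure shape)")
    return findings


def triage(raw: bytes, block_all_zip: bool = True) -> dict:
    """Return a verdict ('block', 'quarantine' or 'deliver') with its reasons."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    indicator_reasons, attachment_reasons = [], []
    subject = (msg["Subject"] or "").lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part is not None else ""
    for term in INDICATOR_TERMS:
        if term in subject:
            indicator_reasons.append(f"subject matches indicator '{term}'")
        if term in body:
            indicator_reasons.append(f"body matches indicator '{term}'")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".zip") or zipfile.is_zipfile(io.BytesIO(payload)):
            if block_all_zip:  # the article's primary recommendation
                attachment_reasons.append(f"zip attachment '{name}' (policy: block all .zip)")
            attachment_reasons.extend(inspect_zip(name, payload))
        elif name.endswith(RISKY_EXTENSIONS):
            attachment_reasons.append(f"risky attachment extension: {name}")
    if attachment_reasons:
        verdict = "block"
    elif indicator_reasons:
        verdict = "quarantine"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "reasons": indicator_reasons + attachment_reasons}


if __name__ == "__main__":
    for raw in (build_sample_message(), build_benign_message()):
        print(triage(raw))
```

With the block-all-zip policy off, the lure is still blocked because the archive scan finds the HTML-plus-executable pairing; that is the difference between the blanket .zip block and the "scan inside .zip files" control the article lists as an alternative.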
