
By Matt Loney, News.com
Posted on ZDNet News: Jun 2, 2005 2:46:00 PM

The latest variants of the Bagle worm have alarmed antivirus companies because of the multiple-stage process they use to attack PCs.

The variants, which Computer Associates International has given a new name--Glieder--because it says they are so different from previous Bagle worms, combine several elements in a way not seen before. In this staged approach, viruses seed their victims, then disarm them, and then finally exploit them.

"We've seen blended threats before where a virus uses several methods to spread, but not like this," said Chris Thomas, a Computer Associates Australia security architect.

The Win32.Glieder worm spreads using a common mass-mailing method, relying on people to click on an attachment so it e-mails itself on to names in the address book. "This is the beachhead," said Thomas. "The whole point is to get to as many victims as fast as possible with a lightweight piece of malware." On Tuesday, CA saw eight variants released.

As well as e-mailing itself, the mass-mailer downloads a Trojan called Win32.Fantibag to the infected machine, which is designed to block antivirus software updates. It also blocks Microsoft's update site, windowsupdate.microsoft.com, said Thomas. "This stops the machines (from) protecting themselves," he added. "It means that software can’t get updates, that victims can't go for help and that effectively infected PC users are isolated."

The final part of the triumvirate is a second Trojan, called Win32.Mitglieder, which disables firewalls and antivirus software, further lowering the shields, and then hijacks the infected PC for use as part of a botnet. Botnets are groups of networked machines, often numbering in the thousands, that are hired as spam relays, for tracking users' behavior and for identity theft.

"There is a commodities market for victimized PCs," Thomas said. "Recently we’ve seen spammers and criminals engaged in fraud, paying approximately five cents per machine for compromised PCs."

The latest attack has been very effective. "The stats we have seen show it is still spreading quickly," said Thomas.

Thomas said the virus does not appear to block access to Computer Associates' virus patch update site, but could not offer an explanation as to why this had been missed off the list.

Matt Loney of ZDNet UK reported from London.
