The latest variants of the Bagle worm have alarmed antivirus companies because of the multiple-stage process they use to attack PCs.
The variants, which Computer Associates International has given a new name--Glieder--because it says they are so different from previous Bagle worms, combine several elements in a way not seen before. In this staged approach, viruses seed their victims, then disarm them, and then finally exploit them.
"We've seen blended threats before where a virus uses several methods to spread, but not like this," said Chris Thomas, a Computer Associates Australia security architect.
The Win32.Glieder worm spreads using a common mass-mailing method, relying on people to click on an attachment so it e-mails itself on to names in the address book. "This is the beachhead," said Thomas. "The whole point is to get to as many victims as fast as possible with a lightweight piece of malware." On Tuesday, CA saw eight variants released.
As well as e-mailing itself, the mass-mailer downloads a Trojan called Win32.Fantibag to the infected machine, which is designed to block antivirus software updates. It also blocks Microsoft's update site, windowsupdate.microsoft.com, said Thomas. "This stops the machines (from) protecting themselves," he added. "It means that software can't get updates, that victims can't go for help and that effectively infected PC users are isolated."
The final part of the triumvirate is a second Trojan, called Win32.Mitglieder, which disables firewalls and antivirus software, further lowering the shields, and then hijacks the infected PC for use as part of a botnet. Botnets are groups of networked machines, often numbering in the thousands, that are hired as spam relays, for tracking users' behavior and for identity theft.
"There is a commodities market for victimized PCs," Thomas said. "Recently we've seen spammers and criminals engaged in fraud, paying approximately five cents per machine for compromised PCs."
The latest attack has been very effective. "The stats we have seen show it is still spreading quickly," said Thomas.
Thomas said the virus does not appear to block access to Computer Associates' virus patch update site, but could not offer an explanation as to why this had been missed off the list.
It is pathetic that 10 years have passed since email entered the mainstream and we are STILL dealing with this virus/worm/malware crud. We've gone from Intel 286 computers with 640K of ram to multi-gigahertz, multi-megabyte systems and the infection problem is bigger than ever. By now we should have artificial intelligence systems providing an impenetrable fortress.
A simple solution to slow the spread of email infection is available, and it's used by large service providers like Yahoo. In order to prevent bot spamming, these systems require that you enter a key into a response box that matches a random fuzzy graphic of a word. Since it requires a human brain to discern what word the random graphic represents, it effectively stops automated responses. If this method were incorporated into all email clients, it would not be possible for the virus/worm to automatically send email to everyone in the victim's address book.
Sorry, it has to be said; OS X. While no OS is 100% bullet proof, no sane individual can conclude that MS deserves the majority of the blame for this junk happening. Windows and IE are ancient and are full of holes, bottom line.
With the built-in (systemic) security in UNIX, there is no excuse to continue with MS's FAILED system. (yes, I know UNIX is "ancient" as well, but its security advantage over Windows is unquestionable).
I hate to sound like another "GET A MAC" guy, but these problems with Windows security are ridiculous.
I feel sorry for folks who have to deal with this.
And the adherents of whichever OS (today it's the Mac but that's just today) still spew nonsense and garbage as their justification for disliking the dominant OS.
It is not that I like MS, or dislike them. I have a job to do, and say what you will, it can't get done on a Mac. (The guy I replaced tried; after spending way too much and getting way too little, the company axed him) So they can gloat if they want. I gloat every time I prove you can get more done for less on a PC. Fair is fair.
This worm, while it does take advantage of Windows vulnerabilities, still depends on users clicking on attachments. The only way to really prevent it is to not let people install programs, and who would really want a computer like that?
I do agree that OSX and Linux offer an extra layer of security because the user had to use his/her root/admin password to install anything... but not too long ago there was a mass mailing worm that sent itself inside a password-protected zip file (antivirus programs can't see inside those without the password)... the password was attached as an image in the email... people had to look at the password, open the zip file, input the 4 or 5 digit numeric password and then run the executable file inside... and lots of people still did and the worm spread quite a bit.
Loco, are you saying that if 90% of users were running OS X and virus writers made these executable in UNIX, then the problem would still exist to the extent it does under Windows? Sure, there will always be people who click on an attachment and give their admin pw when asked then get infected. But nowhere near the problem we have today because Windows allows these things to run without anyone noticing because everyone is an admin running as root user (or whatever the equivalent is).
I don't mean to gloat, really. I just think more pressure on MS (who is acting as a huge monopoly and stepping all over its customers) is in order. People who act as apologists for MS have their head in the sand.
Computers are utilitarian machines. Due to the lack of attention paid by MS to security (real, deep down security), the utility of the majority of these machines is severely diminished. I just want to see less PC drones and more PC activists.
deserves the majority of the blame for this junk happening."
I also apologize for using a double negative. I'll go to bed now.
watch, and stop gloating over the fact that they're not affected.