- Weekly report on viruses and intruders -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)
Madrid, September 3, 2004 - This week's report on viruses and intruders looks
at four threats: Bagle.AY, Bagle.AW, Bagle.AV and CodeBase.gen.
The AY, AW and AV variants of Bagle have been sent on a massive scale via
email, in a message with the subject 'foto'. They arrive in a zip file
called either FOTO.ZIP or FOTO1.ZIP, which contains an HTML file along
with a hidden EXE. When users open the HTML file, the EXE file is also
executed.
Bagle.AY, Bagle.AW and Bagle.AV carry out a series of actions on the
computers they infect, including:
- Terminating processes if they are active in memory. The processes they
terminate include those related to antivirus programs, preventing these
applications from protecting against new viruses.
- Trying to download a false JPG file from various websites, which is
actually an executable (EXE) file. Once it is downloaded, these three
variants of Bagle begin to spread.
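The two disguises described above (an EXE hidden beside an HTML file in a zip, and an EXE named as a JPG) can both be caught by checking file headers instead of file names. The following Python check is an added example, not part of Panda Software's report; the member names foto.html and foto.exe, the PE_STUB bytes and the reading of "hidden" as the DOS hidden attribute are assumptions made for the constructed sample.

```python
import io
import zipfile

IMAGE_EXTS = (".jpg", ".jpeg", ".gif", ".png", ".bmp")
HTML_EXTS = (".htm", ".html")
DOS_HIDDEN = 0x02  # DOS "hidden" bit in the low byte of a ZIP entry's external attributes

# Constructed stand-in for an executable: only the header fields is_pe() reads.
PE_STUB = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"

def is_pe(head: bytes) -> bool:
    """True if the bytes start like a Windows PE file, whatever the file is called."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    off = int.from_bytes(head[0x3C:0x40], "little")  # e_lfanew: offset of "PE\0\0"
    return head[off:off + 4] == b"PE\0\0"

def fake_image(name: str, head: bytes) -> bool:
    """An image extension on content that is really an executable."""
    return name.lower().endswith(IMAGE_EXTS) and is_pe(head)

def scan_zip(blob: bytes) -> list:
    """Return (member, reason) pairs for executables found inside a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        infos = zf.infolist()
        has_html = any(i.filename.lower().endswith(HTML_EXTS) for i in infos)
        for info in infos:
            with zf.open(info) as fh:
                head = fh.read(4096)  # the header is enough; nothing is unpacked to disk
            if not is_pe(head):
                continue
            if has_html:
                findings.append((info.filename, "executable next to HTML"))
            if info.external_attr & DOS_HIDDEN:
                findings.append((info.filename, "hidden attribute set"))
            if fake_image(info.filename, head):
                findings.append((info.filename, "image extension on executable"))
    return findings

def build_sample() -> bytes:
    """Constructed archive shaped like the description: an HTML file plus a hidden EXE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("foto.html", "<html><body>constructed sample</body></html>")
        exe = zipfile.ZipInfo("foto.exe")
        exe.external_attr = DOS_HIDDEN
        zf.writestr(exe, PE_STUB)
    return buf.getvalue()
```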
CodeBase.gen, on the other hand, is code included in the body of an email
message or web page with the aim of exploiting the following security
problems:
- 'Browser Cache Script Execution in My Computer Zone' and 'Object Tag',
detected in version 4.0 or later of Internet Explorer, and which also
affect applications that use this browser (such as Outlook and Outlook
Express). Both security problems could allow an attacker to run arbitrary
code without permission when the user visits a malicious web page or opens a
specially crafted HTML mail.
- Critical vulnerability in versions 5.04 and earlier of the Winamp
multimedia player, which allows code to be run when a skin file is
installed.
For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/