Thread: Heads up: BagleDl-A Trojan horse can disable firewall in Windows XP Service Pack 2

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001

    Heads up: BagleDl-A Trojan horse can disable firewall in Windows XP Service Pack 2

    Experts at Sophos have warned users to be wary of unsolicited emails claiming to contain photographs, after a Trojan horse was spammed to internet users. Many companies have reported sighting the Trojan horse at their email gateways. The Troj/BagleDl-A Trojan horse has been distributed in an email with the following characteristics:

    Subject: foto
    Message body: foto
    Attached file: foto.zip or fotos.zip

    If the user opens the attached zip file, and launches the HTML file contained within, the Trojan will attempt to download a malicious program from one of more than 130 separate websites, many based in Eastern Europe, every six hours.

    "Whoever is behind this Trojan horse is trying to increase the harm they cause by using a wide variety of different websites to spread their code, and by telling infected computers to download an updated payload every six hours," said Graham Cluley, senior technology consultant for Sophos. "This makes it harder to shut down every website under his or her control, and means the malware code can be easily and regularly updated. The mass distribution of this Trojan horse is a seeding for further attacks."

    "All computer users should ensure their anti-virus protection is up-to-date and able to counter this latest menace," continued Cluley. "Everyone should be wary of launching unsolicited email attachments and ensure their PCs are properly defended."

    Sophos notes that the BagleDl-A Trojan horse is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update. "Just because you are running the latest version of Windows XP you shouldn't think you are necessarily protected from this Trojan," continued Cluley. "If you launch it on a PC running Windows XP SP2 it can turn off your firewall opening the door to hackers and other internet attacks."

    The BagleDl-A Trojan horse appears to be from the same author as the Bagle worm which struck thousands of unprotected computer users earlier this year.

    Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.
    Source : http://sophos.com/virusinfo/articles/bagledla.html
    -Simon "SDK"
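
As an added example (not part of the original post or of the Sophos article), here is a mail-gateway style check for the message traits listed above: subject and body of "foto", an attachment named foto.zip or fotos.zip, and an HTML file inside the archive. The trait labels and the `build_sample` helper are assumptions made for illustration, and the sample messages are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SUSPECT_NAMES = {"foto.zip", "fotos.zip"}  # attachment names given in the post
HTML_EXTS = (".htm", ".html")

def zip_has_html(data: bytes) -> bool:
    """List archive members without extracting; unreadable archives are flagged."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(HTML_EXTS) for n in zf.namelist())
    except zipfile.BadZipFile:
        return True

def matched_traits(raw: bytes) -> list:
    """Return which of the reported traits a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits = []
    if str(msg["Subject"] or "").strip().lower() == "foto":
        traits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() == "foto":
        traits.append("body")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() in SUSPECT_NAMES:
            traits.append("attachment-name")
            if zip_has_html(part.get_payload(decode=True) or b""):
                traits.append("zip-contains-html")
    return traits

def build_sample(subject, body, attach_name, member_name) -> bytes:
    """Constructed test message; the archive member holds inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "placeholder")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attach_name)
    return msg.as_bytes()

if __name__ == "__main__":
    for args in [("foto", "foto", "fotos.zip", "foto.html"),
                 ("Q3 report", "See attached.", "report.zip", "q3.csv")]:
        print(args[0], "->", matched_traits(build_sample(*args)))
```

A gateway would typically quarantine on the attachment name plus at least one other trait, since a file called foto.zip on its own is common in legitimate mail.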

  2. #2
    Hoopy Frood
    Join Date
    Jun 2004
    Wow. That didn't take long at all. Thanks for posting this!

    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  3. #3
    Senior Member
    Join Date
    Nov 2001
    This payload contains a mass-mailing worm that uses its own SMTP engine to spread. It also opens backdoors on TCP port 80 and UDP port 80, allowing infected computers to be used as email relays.

    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
