A New and Dangerous Variant of Mitglieder Is Being Spread Massively, Reports Panda Software


According to PandaLabs, the new and dangerous DC variant of the Mitglieder family of Trojans (also called Bagle.BO or BagleDI-Q by other security companies) has been sent as spam to thousands of users around the world. Mitglieder.DC blocks in-memory processes belonging to a range of antivirus and IT security applications, leaving the computer unprotected against other attacks. Over the last few hours, detections in ActiveScan have been increasing progressively because this malware is being mass-mailed, a technique aimed at increasing the number of detections.

As this malicious code cannot spread by itself, Mitglieder.DC reaches computers in a series of highly variable email messages. For the same reason, this malicious code can be distributed through numerous channels: storage devices, Internet downloads, P2P networks, etc.

If a user runs the file that contains Mitglieder.DC, in addition to blocking security applications that could be running, it tries to connect to numerous Internet addresses, from which it downloads and runs the osa.gif file. This in turn contains Downloader.CYB, a Trojan designed to download all types of malware on computers that it infects.

"Malware creators try to distribute their creations rapidly to prevent users from having time to update their antivirus solutions. They're trying to exploit the 'vulnerability window,' i.e. the time that it takes between new malware appearing and users installing the updates on their computers," explains Luis Corrons, director of PandaLabs. "New techniques are frequently being used in order to spread malware as rapidly as possible. So for example, as in this case, thousands of infected mails could be sent simultaneously as spam, or numerous variations can be launched at the same time. Another frequently used system is to exploit software vulnerabilities, as was the case with Sasser, infecting millions of computers last year."

To prevent infection from Mitglieder.DC, or any other malicious code, Panda Software advises all users to keep their antivirus software up to date. Panda Software has already made available to clients the corresponding updates to detect and eliminate this new malicious code.

Panda Software's clients can already access the updates for installing the new TruPrevent(TM) Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent(TM) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. More information about TruPrevent(TM) Technologies is available at: www.pandasoftware.com/truprevent.

In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge, at http://www.pandasoftware.com. ActiveScan is also available to webmasters that want to include it on their websites. Those who would like to include it on their sites can request the HTML code from http://www.pandasoftware.com/partners/webmasters/.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

For further information about the malicious code mentioned above, visit Panda Software's Virus Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/.

02.06.2005, Panda Software



