contents

software
 
A New Bagle Worm Causes Incidents among Users

PandaLabs has detected the appearance of Bagle.KT, a new variant of this infamous family of worms. According to data from PandaLabs, this malicious code has already caused a number of incidents and users are advised to act with caution when opening emails.

TruPrevent proactive protection technologies have detected and blocked Bagle.KT without having previously identified it and users with these technologies installed have been protected from this worm from the moment it appeared.

The new Bagle.KT is very similar to its predecessors. It is an email worm which, using its own SMTP engine, sends itself to addresses that it finds on infected computers.

The email carrying Bagle.KT has a variable subject, while the message text is blank. The attachment to the message, which actually contains Bagle.KT, is a .zip, file with a name randomly chosen, as new_price12-Dec-2006.

When the user runs the attached file, the worm sends itself out to all the email addresses it finds in a wide range of files stored on the computer. It also tries to download files from certain Internet addresses.

Finally, the worm creates a series of entries in the Windows Registry in order to ensure it is run every time the system is started up.



write your comments about the article :: © 2006 Computing News :: home page