【新聞】Bagle 作者再度製造新的風暴

[kaspersky]

卡巴斯基實驗室已經偵測到大量的 Email-Worm.Win32.Bagle 的變種。這些新的變種會以不同的封裝方式出現，這些惡意程式並不會進行自我複製。換句話說，這些只能稱為即將成為的新變種，但並非一個全新的版本。然而大量受感染的郵件已經被我們所攔截意味著這個風暴是以各種郵件傳遞的方式正在進行著。
新的 Bagle 將以隨機郵件主旨與內文的夾檔來傳遞。這個惡意程式是一個 Windows 的可執行檔。檔案的名稱、格式與大小同樣都是隨機的方式出現的。因此，這也將很不容易以一種固定的方式來判斷郵件是否遭到感染，我們也嚴重警告使用者在開啟郵件附件時請特別的謹慎。
這個惡意程式將會在使用者點擊郵件的附件以後啟動 : Bagle 會將他自己複製到 Windows 的系統資料夾中並且植入系統註冊機碼。 Bagle 接下來便會關閉受感染電腦對於自我本身以及網路的保護機制、使得電腦門戶洞開以方便進行攻擊。
卡巴斯基實驗室的病毒分析中心已經偵測到十五種由 Bagle 作者所撰寫的區塊。這些區塊都很相近但是是以不同的封裝方法出現，因此卡巴斯基實驗室將這些區塊稱為Email-Worm.Win32.Bagle.pac.

[softbrian]

又來嚕？希望問題少一些，每次如果有大規模感染~~
親朋好友又會突然熱絡起來~~~ ><...

[網路天行者]

來自Panda通報Bagle.BN

Common name: Bagle.BN
Technical name: W32/Bagle.BN.worm
Threat level: Low
Type: Worm

Effects:
It opens the TCP port 80 and waits for remote connections. It sends a copy of the Trojan Mitglieder.BO to e-mail addresses contained in a file that it downloads from the Internet. It is downloaded to the affected computer by Mitglieder.BO itself.

Affected platforms: Windows 2003/XP/2000/NT/ME/98/95

First appeared on: March 1, 2005

Brief Description

Bagle.BN is a worm that opens the TCP port 80 and listens to it, waiting for remote connections. By doing so, Bagle.BN allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work.

Bagle.BN sends a copy of the Trojan detected as Trj/Mitglieder.BO to all the e-mail addresses contained in the file EML.EXE, which it downloads from a certain web page.

In addition, Bagle.BN prevents certain worms, such as several variants of Netsky, from being executed whenever Windows is started. In order to do so, it deletes the entries belonging to these worms from the Windows Registry.

Bagle.BN is downloaded to the affected computer by Mitglieder.BO.

Visible Symptoms

Bagle.BN is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

http://www.pandasoftware.com