Nov 8 2004, 04:52 AM
Member | Group: Members | Posts: 121 | Joined: 29-May 04 | Member No.: 604
"Since thou are not sure of a minute, throw not away an hour." Benjamin Franklin (1706-1790); US scientist and politician.

- Weekly report on viruses and intruders -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, November 7, 2004 - This week's report on viruses and intruders will focus on the Bagz.H and Mitglieder.AY worms and the Citifraud.A Trojan.

Bagz.H spreads via e-mail. To do this it looks for email addresses in the files with a DBX, HTM, TBB, TBI or TXT extension on the affected computer. However, it does not send itself out to all the addresses it finds, as it avoids addresses with text strings like abuse, admin. or administrator@, among others. The email messages carrying Bagz.H do not have a fixed format, as the subject, message text and file name can vary. If the user runs the attachment, Bagz.H will install itself as a service called Xuy v palto. What's more, this worm modifies the Windows hosts file, preventing certain Internet addresses from being accessed. Bagz.H also deletes the entries in the Windows Registry that belong to certain antivirus and security applications and creates new entries that allow it to activate whenever the computer is started up.

Mitglieder.AY is a malicious code that is closely related to Bagle.BC and Bagle.BE (detected a few days ago), as it takes advantage of the effects of these worms to get into computers directly from the Internet. Mitglieder.AY uses the backdoor created by both variants of Bagle on TCP port 81. Mitglieder.AY scans for IP addresses on which TCP port 81 is open. If it finds this port open, it copies itself to those computers as a file called winshost.exe. From then on, Mitglieder.AY ends the processes in memory belonging to different applications. What's more, every six hours, it attempts to download the file zoo.jpg from certain web addresses. If successful, this file is saved on the affected computer under the name File.exe. When this file is run, it downloads other malware to the affected computer.

We are going to finish today's report with a Trojan called Citifraud.A, which is actually a file written in HTML that exploits a known vulnerability in Microsoft Internet Explorer. It contains a link that pretends to access the website of a well-known bank. However, this address actually accesses a false website that imitates the original page. By doing this, it tries to steal account details entered by the user, allowing the hacker to access the bank account.

For further information about these and other computer threats, visit Panda Software's Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/.

Additional information
- Port/Communication port: Point through which a computer transfers information (inbound/outbound) via TCP/IP.
- Vulnerability: Flaws or security holes in a program or IT system, often used by viruses as a means of infection.
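The report notes that Bagz.H edits the Windows hosts file to block access to certain sites. The following hosts-file audit is an added example, not part of the Panda report or the forum post; the hosts content it scans is constructed here to resemble that kind of tampering (vendor hostnames pointed at loopback, plus one hostname redirected elsewhere), and the `.example`/`.test` names are placeholders.

```python
from typing import List, Tuple

# Constructed sample hosts file (not a real capture). The first two entries are
# normal; the rest model tampering of the kind the report describes.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.pandasoftware.com
0.0.0.0         av-updates.example   # blocked: update server black-holed
10.0.0.5        www.example-bank.test
"""

# Addresses that make a name unreachable (black-holed) rather than redirected.
LOOPBACK = frozenset({"127.0.0.1", "0.0.0.0", "::1"})

# Names that legitimately appear in a default hosts file.
DEFAULT_ALLOW = frozenset({"localhost", "broadcasthost"})


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, dropping comments and blank lines.
    One line may list several hostnames for one address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text: str, allow=DEFAULT_ALLOW) -> List[Tuple[str, str, str]]:
    """Flag every entry outside the allow-list as either 'blocked' (mapped to
    a loopback/black-hole address) or 'redirected' (mapped elsewhere)."""
    findings = []
    for ip, host in parse_hosts(text):
        if host in allow:
            continue
        kind = "blocked" if ip in LOOPBACK else "redirected"
        findings.append((kind, ip, host))
    return findings


def audit_file(path: str) -> List[Tuple[str, str, str]]:
    """Audit a hosts file on disk, e.g. C:\\Windows\\System32\\drivers\\etc\\hosts."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for kind, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:10} {host} -> {ip}")
```

A redirected entry for a bank or vendor hostname deserves the same attention as a black-holed one, since it sends the user to a host the attacker controls rather than simply denying access.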