NEW: Bagle-AU worm disables Windows XP SP2 firewall

#1 TechZ

    Experts at Sophos have warned users that the new W32/Bagle-AU worm attempts to disable security software on infected Windows PCs.

    "By turning off firewall protection and other security software the author of the latest incarnation of the Bagle worm is opening up computers to attack," said Graham Cluley, senior technology consultant for Sophos. "Increasingly virus writers are aiming to take over innocent peoples' computers in order to steal, spam or cause mischief."

    Sophos notes that the W32/Bagle-AU worm is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update.

    "Just because you are running the latest version of Windows XP you shouldn't think you are necessarily protected from this worm," continued Cluley. "If you launch it on a PC running Windows XP SP2 it can turn off your firewall opening the door to hackers and other internet attacks."

News source: Sophos

#2 Registered User (Gloucestershire)
    Thanks for posting details on this as I've just had a call...

#3 confus-ed
    Quote Originally Posted by TechZ
    ..Sophos notes that the W32/Bagle-AU worm is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update...
Sophos (as some will know) is my favourite pay-for 'anti-stuff', but the technical support dudes I know there don't work weekends (or not to answer mails or calls) & I wanted to know if anyone had turned up just what gives you this & exactly what it's doing..

All I can fathom is what TechZ links to (& ta for the 'heads up' from the TechZ News channel) & it's spread via an attachment in spurious mails?

    Opening any attachment from anyone you don't know is of course an exceptionally dumb idea, unless you are prepared for the potential consequences !

#4 TechZ
Thanks -ed, bookmarked, nice to see the NEWS channel is doing some good.

As soon as I see a mail from someone I don't know, DELETE. I'd rather lose an email than have to rebuild a whole system or mess up precious files.

#5 TechZ
    Bagle Is Still Biting - McAfee's Antivirus Emergency Response Team spotted its first sample of Bagle.bb, one of the new variants, at 11:30 p.m. Thursday Pacific Coast Time. Since then, the company has received about 200 reports of the virus and intercepted two more variants, dubbed Bagle.bc and Bagle.bd, according to Vincent Gullotto, vice president of McAfee AVERT. McAfee rates Bagle.bb and Bagle.bd "medium" threats, based on the number of submissions they received for each, Gullotto said. The new variants are almost identical to each other, but use slightly different versions of a compression program, known as a packer, to shrink the size of the virus, creating a different profile or "signature" that can fool some antivirus programs, he said. Another article can be found at CNET. (download Win32/Bagle cleaner)

Let's hope this helps.
    Z

#6 Sockhatguy

    adding old HDD to new compy for old info...and viruses...Doh!

    I went and did it this time...

My old compy's power supply failed, and I was unable to find a new PS, so I bought a new compy... now, months later, I want the old information off the old HDD. So, I add it on as a slave...

    ...something twitches in the back of my head...old viruses...

    So, I begin a barrage of scanning tools, AVG, Trend Micro, Ad-Aware...

And, of course, the HDD is chock-full of the Bagle virus. AVG shows as follows: I-worm/bagle.ab, I-worm/bagle.ac, Trojan Horse Proxy.4.ap, and Trojan Horse Downloader.keenval.b

Mostly bagle.ab.

Any help on how to remove these from the drive? I'm downloading Norton 05 trialware (gotta love full-functioning trialware...) and I'm gonna see if it will fully remove it.

    AVG says that it has healed them, but they keep coming back. GRR! I know I can always wipe the drive, but I have good information...and also my Everquest game (with expansions) on that drive... ANY help would be AWESOME.

BTW - I could not find the Win32/Bagle cleaner on Tech-Z's posted link.
My specs: 900 MHz AMD T-Bird, Asus K7M Mobo., 256 MB RAM (two 128 MB Kingston SD PC-100), GeCube Radeon 9200 SE 128mb (drivers were impossible to find... still crashes because of them every now and then... I think it's them...), Sound Blaster Live! 5.1, new high-speed USB 2.0 card, dual 60 GB HDDs for the heck of it (NTFS), XP Pro SP 2, Mozilla Firefox (Spread Firefox!), single-barrel carburetor, Saitek P2500 Rumbleforce, (Yes, the system is dated, but it fits my budget!) - Sockhatguy

#7 TechZ
Try this link http://www.nod32.ch/download/tools.stm

    and get the standalone NOD32 executable from http://mirror.edskes.com/ to scan your machine with too.

#8 Sockhatguy
Turns out I have netsky.p@mm!zip also... gah.

The old compy was pretty much a family junker... the compy we used for anything and everything. Thanks for the links, I'll try them out!