NEW: Bagle-AU worm disables Windows XP SP2 firewall

Printable View

October 30th, 2004, 04:23 AM
TechZ

NEW: Bagle-AU worm disables Windows XP SP2 firewall

Experts at Sophos have warned users that the new W32/Bagle-AU worm attempts to disable security software on infected Windows PCs.

"By turning off firewall protection and other security software the author of the latest incarnation of the Bagle worm is opening up computers to attack," said Graham Cluley, senior technology consultant for Sophos. "Increasingly virus writers are aiming to take over innocent peoples' computers in order to steal, spam or cause mischief."

Sophos notes that the W32/Bagle-AU worm is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update.

"Just because you are running the latest version of Windows XP you shouldn't think you are necessarily protected from this worm," continued Cluley. "If you launch it on a PC running Windows XP SP2 it can turn off your firewall opening the door to hackers and other internet attacks."

News source: Sophos
October 30th, 2004, 05:58 AM
bookmarkmns

Thanks for posting details on this as I've just had a call...
October 30th, 2004, 07:06 AM
confus-ed

Quote:

Originally Posted by TechZ

..Sophos notes that the W32/Bagle-AU worm is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update...

Sophos (as some will know) is my favourite pay for 'anti-stuff', but the technical support Dudes I know there don't work weekends (or not to answer mails or calls) & I wanted to know if anyone had turned up just what gives you this & exactly what its doing ..

All I can fathom is what TechZ's links to ( & ta for the 'heads up' from the Techz News channel :thumbs: ) & its spread via an attachment in spurious mails ?

Opening any attachment from anyone you don't know is of course an exceptionally dumb idea, unless you are prepared for the potential consequences !
October 31st, 2004, 04:18 AM
TechZ

thanks -ed, bookmarkmns, nice to see the NEWS channel is doing some good ;)

AS soon as I see a mail from someone I dont know, DELETE, I'd rather lose an email than have to rebuild a whole system or mess up precious files.
October 31st, 2004, 04:24 AM
TechZ

Bagle Is Still Biting - McAfee's Antivirus Emergency Response Team spotted its first sample of Bagle.bb, one of the new variants, at 11:30 p.m. Thursday Pacific Coast Time. Since then, the company has received about 200 reports of the virus and intercepted two more variants, dubbed Bagle.bc and Bagle.bd, according to Vincent Gullotto, vice president of McAfee AVERT. McAfee rates Bagle.bb and Bagle.bd "medium" threats, based on the number of submissions they received for each, Gullotto said. The new variants are almost identical to each other, but use slightly different versions of a compression program, known as a packer, to shrink the size of the virus, creating a different profile or "signature" that can fool some antivirus programs, he said. Another article can be found at CNET. (download Win32/Bagle cleaner)

Lets hope this helps.
Z
November 11th, 2004, 01:46 AM
Sockhatguy

adding old HDD to new compy for old info...and viruses...Doh!

I went and did it this time...

my old compy's power supply failed, and I was unable to find a new PS, so I bought a new compy...now, months later, I want the old information off the old HDD. so, I add it on as a slave...

...something twitches in the back of my head...old viruses...

So, I begin a barrage of scanning tools, AVG, Trend Micro, Ad-Aware...

and, of course, the HDD is choc-full of the bagle virus. AVG shows as follows: I-worm/bagle.ab, I-worm/bagle.ac, Trojan Horse Proxy.4.ap, and Trojan Horse Downloader.keenval.b

mostly bagle.ab.

any help on how to remove these from the drive? I'm downloading norton 05 trialware (Gotta love full-functioning trialware...) and I'm gonna see if it will fully remove it.

AVG says that it has healed them, but they keep coming back. GRR! I know I can always wipe the drive, but I have good information...and also my Everquest game (with expansions) on that drive... ANY help would be AWESOME.

btw - I could not find the win.32/bagle cleaner on Tech-Z's posted link.
November 11th, 2004, 04:08 AM
TechZ

try this link http://www.nod32.ch/download/tools.stm

and get the standalone NOD32 executable from http://mirror.edskes.com/ to scan your machine with too.
November 11th, 2004, 04:57 AM
Sockhatguy

turns out I have netsky.p@mm!zip also...gah.

the old compy was pretty much a family junker...the compy we used for anything and everything. thanks for the links, I'll try them out!