CastleCops, Internet Crime Fighters
Weekly Summaries: Weekly virus report
Viruses


A sage thing is timely silence, and better than any speech.
Plutarch (46-120); Greek philosopher, author.

- Weekly virus report -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, January 25, 2004 - Today we are going to focus on Bagle.A, which
spread around the globe at the beginning of this week, and on two Trojans
belonging to the same family: StartPage.AB and StartPage.AC.

Bagle.A spreads via e-mail in a message with the subject 'Hi'. The attached
file has the same icon as the Windows Calculator and its name consists of
several random characters and an EXE extension.

Once it has been installed on a computer, Bagle.A searches the files with
WAB, HTM, HTML and TXT extensions stored on the affected computer for e-mail
addresses, and sends itself out to them using its own SMTP engine. It skips
addresses belonging to the following domains: hotmail.com, msn.com,
microsoft.com and avp.com. Furthermore, every ten minutes, it attempts to
connect to several web pages through port 6777, in order to update itself.

Bagle.A includes code that allows it to download files from the Internet and
run them on the affected computer, but it can only carry out its actions
until the system date is January 28, 2004.

The first Trojan in today's report is StartPage.AB, which changes the home
page of the browser Internet Explorer and its search options. Similarly, it
modifies the HOSTS file, in order to prevent the user from accessing several
web pages that offer information or software for eliminating spyware. In
addition, it goes memory resident and prevents the changes made to the
Windows Registry from being saved.
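
An added example, not part of Panda Software's report: a defender-side audit
for the HOSTS tampering described above, flagging entries that point a
hostname at a loopback or null address, or that remap a watched domain. The
report names no domains, so the watchlist entry and the sample file are
constructed placeholders.

```python
import ipaddress

# Names that legitimately resolve to loopback in a default HOSTS file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed placeholder: stands in for a security vendor's domain.
WATCHLIST = ("antispyware-vendor.example",)

# Constructed sample HOSTS content (not taken from any real infection).
SAMPLE = """\
# Constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.antispyware-vendor.example   # sinkholed
0.0.0.0         updates.antispyware-vendor.example
203.0.113.7     download.antispyware-vendor.example
192.0.2.10      intranet.corp.example
::1             localhost
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: ignore line
        yield line_no, addr, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, watchlist=()):
    """Return (line_no, hostname, address, reason) for suspicious entries."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        sinkholed = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name in BENIGN_NAMES:
                continue
            watched = any(name == d or name.endswith("." + d) for d in watchlist)
            if sinkholed:
                findings.append((line_no, name, str(addr), "blocked"))
            elif watched:
                findings.append((line_no, name, str(addr), "redirected"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, WATCHLIST):
        print(finding)
```

To audit a live system, pass the contents of the machine's HOSTS file to
`audit_hosts` along with the security-vendor domains your site relies on.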

We are going to finish today's report with another variant of StartPage,
variant AC. This Trojan changes the home page of the browser Internet
Explorer and modifies an entry in the Windows Registry so that it is run
whenever the user opens a text file.

For further information about these and other malicious code, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia

Additional information

- Spyware: A program that is automatically installed with another (usually
without the user's permission and even without the user realizing), which
collects personal data (data on Internet access, actions carried out while
browsing, pages visited, programs installed on the computer, etc.).

More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.
Posted on Monday, 26 January 2004 @ 08:45:53 UTC by phoenix22 (1121 reads)