New worm virus threatens Internet
Computer security experts fear a
new worm that began spreading rapidly across Australian e-mail networks
on Sunday could be a rehearsal for a more concerted attack in coming
weeks, Cnet reported on Tuesday.
The worm, dubbed Bagle-A, carries an expiration date, possibly
indicating that more robust versions of the worm could be slated for
release soon, said Daniel Zatz, security expert for US software company
Computer Associates (CA).
Comparing Bagle to the infamous Sobig virus that flooded global e-mail
networks last year, Zatz said he fears that a more virulent version of
the new worm could appear soon.
"One of our biggest concerns is that if we look back a year ago at the
Sobig variants, they all had drop-dead dates, and every time one hit
that drop-dead date a new variant came out--a new and improved variant
of it," Zatz said.
Bagle-A is due to expire Jan. 28, suggesting that tuned variations of
the worm could appear as early as next week.
Bagle-A's creators, like authors of many previous successful worms, have
relied on the ignorance and curiosity of e-mail users for the worm's
success.
The worm arrives in e-mail in-boxes as a message containing a few lines of
text suggesting the e-mail may be from a system administrator, as well as
an executable attachment. When the recipient activates the attachment,
the worm installs a program on the recipient's computer that
allows the worm to be e-mailed on to other users in the system's local
address book.
Given that most corporate e-mail servers block transmission of
executable attachments, CA's Zatz believes that home and medium-size
business users are responsible for spreading the new worm.
Please read the instructions for removing W32/Bagle-A.
W32/Bagle-A disinfection instructions
Resolve is the name for a set of
small, downloadable Sophos utilities designed to remove and undo the
changes made by certain viruses, Trojans and worms. They terminate any
virus processes and reset any registry keys that the virus changed.
Existing infections can be cleaned up quickly and easily, both on
individual workstations and over networks with large numbers of
computers.
Windows 95/98/Me and Windows NT/2000/XP/2003
W32/Bagle-A can be removed from Windows
95/98/Me and Windows NT/2000/XP/2003 computers automatically with the
following Resolve tools.
Windows disinfector
BAGLEGUI is a disinfector for standalone Windows computers.
If you are disinfecting several
computers, download it, save it to floppy disk and run it from there.
Command line disinfector
BAGLESFX.EXE is a self-extracting
archive containing BAGLECLI, a Resolve command line disinfector for use
on Windows networks. Read the notes enclosed in the self-extractor for
details on running this program.
Other platforms
To remove W32/BAGLE-A on other platforms, please follow the
instructions for removing worms.