Spyware, Viruses, & Security forum

General discussion

Weekly report on viruses and intrusions - 05/02 /04

by Marianna Schmudlach / May 2, 2004 3:41 AM PDT

- Weekly report on viruses and intrusions -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 2 2004 - This week's report on viruses and intrusions focuses on
three variants of Bagle -Z, AA, and AB-, two variants of Netsky -AA and AB-,
and the Gimared.A and Gaobot.PX worms.

Even though they are all variants of the same malicious code, the three new
members of the Bagle worm family have some significant differences. For
example, in order to spread, Bagle.AA uses e-mail messages with variable
characteristics that contain images in the form of attached files with a
JPEG extension. Bagle.AB spreads via P2P file sharing programs as well as
e-mail.

Unlike the two variants above, Bagle.Z does not spread automatically. This
worm needs a malicious user's intervention to reach the affected computer.
The means of transmission it can use include floppy disks, CD-ROMs, e-mail
messages with attached files, Internet downloads, FTP, IRC channels,
peer-to-peer (P2P) file sharing networks, etc.

The three Bagle variants can connect to several web pages that host a
certain PHP script. By doing this, these worms notify their author when a
computer has been affected. They also end processes belonging to antivirus
and firewalls programs, as well as those corresponding to many worms.

Netsky.AA and Netsky.AB are two very similar variants. Both of them spread
via e-mail in a message with variable characteristics and an attached file
with a PIF extension. However, they have different effects: when run,
Nestky.AA displays a fake error message on screen, whereas Netsky AB deletes
the entries that other worms, like Bagle, insert in the Windows Registry.

Gimared.A is a malicius code that spreads via e-mail. When run on a Windows
NT computers, it displays a message on the screen about the social and
political situation in Cuba, the country where the worm was created.

Gimared.A also notifies the affected user of its presence by sending a
message to the user's mail account.

Gaobot.PX is a dangerous worm that can carry out several actions on affected
computers, as it has been designed to exploit several Windows
vulnerabilities and use backdoors opened by the worms Bagle.A and Mydoom.A
on infected computers.

Gaobot.PX also ends the processes belonging to antivirus programs and
firewalls, leaving infected computers vulnerable to virus attacks. It also
prevents many antiviruses from connecting to the web pages that allow them
to update.

Gaobot.PX connects to specific IRC servers and waits for instructions from
malicious users. In this way, it can download files, run commands or update
itself. It can also steal confidential data, obtain system information and
launch distributed denial of service (DDoS) attacks.

For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia

Discussion is locked
You are posting a reply to: Weekly report on viruses and intrusions - 05/02 /04
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Weekly report on viruses and intrusions - 05/02 /04
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?