- Weekly report on viruses and intrusions -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, May 2 2004 - This week's report on viruses and intrusions focuses on
three variants of Bagle -Z, AA, and AB-, two variants of Netsky -AA and AB-,
and the Gimared.A and Gaobot.PX worms.
Even though they are all variants of the same malicious code, the three new
members of the Bagle worm family have some significant differences. For
example, in order to spread, Bagle.AA uses e-mail messages with variable
characteristics that contain images in the form of attached files with a
JPEG extension. Bagle.AB spreads via P2P file sharing programs as well as
Unlike the two variants above, Bagle.Z does not spread automatically. This
worm needs a malicious user's intervention to reach the affected computer.
The means of transmission it can use include floppy disks, CD-ROMs, e-mail
messages with attached files, Internet downloads, FTP, IRC channels,
peer-to-peer (P2P) file sharing networks, etc.
The three Bagle variants can connect to several web pages that host a
certain PHP script. By doing this, these worms notify their author when a
computer has been affected. They also end processes belonging to antivirus
and firewalls programs, as well as those corresponding to many worms.
Netsky.AA and Netsky.AB are two very similar variants. Both of them spread
via e-mail in a message with variable characteristics and an attached file
with a PIF extension. However, they have different effects: when run,
Nestky.AA displays a fake error message on screen, whereas Netsky AB deletes
the entries that other worms, like Bagle, insert in the Windows Registry.
Gimared.A is a malicius code that spreads via e-mail. When run on a Windows
NT computers, it displays a message on the screen about the social and
political situation in Cuba, the country where the worm was created.
Gimared.A also notifies the affected user of its presence by sending a
message to the user's mail account.
Gaobot.PX is a dangerous worm that can carry out several actions on affected
computers, as it has been designed to exploit several Windows
vulnerabilities and use backdoors opened by the worms Bagle.A and Mydoom.A
on infected computers.
Gaobot.PX also ends the processes belonging to antivirus programs and
firewalls, leaving infected computers vulnerable to virus attacks. It also
prevents many antiviruses from connecting to the web pages that allow them
Gaobot.PX connects to specific IRC servers and waits for instructions from
malicious users. In this way, it can download files, run commands or update
itself. It can also steal confidential data, obtain system information and
launch distributed denial of service (DDoS) attacks.
For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:
Help, my PC with Windows 10 won't shut down properly
Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?