BagleDl-A Trojan horse can disable firewall in Windows XP Service Pack 2
The Trojan horse can disable security applications, including the firewall built into Windows XP Service Pack 2.
Experts at Sophos have warned users to be wary of unsolicited
emails claiming to contain photographs, after a Trojan horse was
spammed to internet users. Many companies have reported sighting
the Trojan horse at their email gateways. The Troj/BagleDl-A Trojan
horse has been distributed in an email with the following
characteristics:
Subject: foto
Message body: foto
Attached file: foto.zip or fotos.zip
If the user opens the attached zip file, and launches the HTML
file contained within, the Trojan will attempt to download a
malicious program from one of more than 130 separate websites, many
based in Eastern Europe, every six hours.
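A mail gateway can compare inbound messages against the characteristics listed above. The following Python is an added example, not Sophos's code; the function names, the quarantine rule and the sample messages are assumptions constructed for illustration.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# Characteristics listed in the advisory.
SUBJECT = "foto"
BODY = "foto"
ATTACHMENT_NAMES = {"foto.zip", "fotos.zip"}

def zip_has_html(data: bytes) -> bool:
    """True if the archive lists an HTML member; the archive is never extracted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith((".htm", ".html")) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def check_message(raw: bytes) -> dict:
    """Compare one raw RFC 5322 message against the advisory's characteristics."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain",))
    found = {
        "subject": (msg["Subject"] or "").strip().lower() == SUBJECT,
        "body": body is not None and body.get_content().strip().lower() == BODY,
        "attachment": False,
        "zip_has_html": False,
    }
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() in ATTACHMENT_NAMES:
            found["attachment"] = True
            found["zip_has_html"] |= zip_has_html(part.get_payload(decode=True) or b"")
    # Quarantine rule (assumption): named attachment plus matching subject or body.
    found["quarantine"] = found["attachment"] and (found["subject"] or found["body"])
    return found

def build_sample(subject: str, body: str, filename: str, member: str) -> bytes:
    """Constructed test message; the archive member is a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content(body)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "<html><body>placeholder</body></html>")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample("foto", "foto", "fotos.zip", "foto.html")))
```

The check reads only the archive's file listing, so the attached HTML file is never opened or rendered on the gateway.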
"Whoever is behind this Trojan horse is trying to increase the
harm they cause by using a wide variety of different websites to
spread their code, and by telling infected computers to download an
updated payload every six hours," said Graham Cluley, senior
technology consultant for Sophos. "This makes it harder to shut
down every website under his or her control, and means the malware
code can be easily and regularly updated. The mass distribution of
this Trojan horse is a seeding for further attacks."
"All computer users should ensure their anti-virus protection is
up-to-date and able to counter this latest menace," continued
Cluley. "Everyone should be wary of launching unsolicited email
attachments and ensure their PCs are properly defended."
Sophos notes that the BagleDl-A Trojan horse is capable of
turning off the firewall built into Microsoft's recent Windows XP
Service Pack 2 update. "Just because you are running the latest
version of Windows XP you shouldn't think you are necessarily
protected from this Trojan," continued Cluley. "If you launch it on
a PC running Windows XP SP2 it can turn off your firewall, opening
the door to hackers and other internet attacks."
The BagleDl-A Trojan horse appears to be from the same author as
the Bagle worm, which struck thousands of unprotected computer users
earlier this year.
Sophos recommends companies protect their email with a consolidated solution to thwart virus and spam
threats, as well as secure their desktops and servers with
automatically updated anti-virus protection.