BagleDl-A Trojan horse can disable firewall in Windows XP
Service Pack 2
|
| The Trojan horse can disable security
applications, including the firewall built into Windows XP Service
Pack 2. |
Experts at Sophos have warned users to be wary of unsolicited
emails claiming to contain photographs, after a Trojan horse was
spammed to internet users. Many companies have reported sighting
the Trojan horse at their email gateways. The Troj/BagleDl-A Trojan
horse has been distributed in an email with the following
characteristics:
Subject:
foto
Message body:
foto
Attached file:
foto.zip or fotos.zip
If the user opens the attached zip file, and launches the HTML
file contained within, the Trojan will attempt to download a
malicious program from one of more than 130 separate websites, many
based in Eastern Europe, every six hours.
"Whoever is behind this Trojan horse is trying to increase the
harm they cause by using a wide variety of different websites to
spread their code, and by telling infected computers to download an
updated payload every six hours," said Graham Cluley, senior
technology consultant for Sophos. "This makes it harder to shut
down every website under his or her control, and means the malware
code can be easily and regularly updated. The mass distribution of
this Trojan horse is a seeding for further attacks."
"All computer users should ensure their anti-virus protection is
up-to-date and able to counter this latest menace," continued
Cluley. "Everyone should be wary of launching unsolicited email
attachments and ensure their PCs are properly defended."
Sophos notes that the BagleDl-A Trojan horse is capable of
turning off the firewall built into Microsoft's recent Windows XP
Service Pack 2 update. "Just because you are running the latest
version of Windows XP you shouldn't think you are necessarily
protected from this Trojan," continued Cluley. "If you launch it on
a PC running Windows XP SP2 it can turn off your firewall opening
the door to hackers and other internet attacks."
The BagleDl-A Trojan horse appears to be from the same author as
the Bagle worm which
struck thousands of unprotected computer users earlier this
year.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam
threats as well as secure their desktop and servers with
automatically updated anti-virus protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.