Widespread BagleDl-M Trojan horse can open up PCs to attack

March 04, 2005 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have warned computer users about a new variant of the Bagle Trojan horse that is being spammed out to many internet users via email.

The Troj/BagleDl-M Trojan horse disables anti-virus and security software on the victim's computer, potentially leaving it open to infection by existing widespread viruses and to exploitation by hackers. The Trojan horse also tries to prevent the infected computer from visiting security websites, and can download additional malicious code from the internet.

Earlier this week, a series of other versions of the Bagle Trojan horse were distributed widely on the internet.

"Just as businessmen speak of the synergy that can be created by two companies coming together, so the criminal hackers behind this Trojan are demonstrating the effectiveness of combining virus and spam techniques," said Graham Cluley, senior technology consultant for Sophos. "This latest member of the Bagle family of Trojans and worms may fool the unwary and those who have been lax about their virus protection into being infected. If you are hit by this Trojan you are effectively putting your PC into the hands of the hacking underground."

Sophos recommends that businesses ensure their computers are automatically kept up to date with the very latest anti-virus software. Sophos anti-virus products have been capable of detecting the Troj/BagleDl-M Trojan horse since 12:52 p.m. EST on March 4, 2005.

Sophos also advises companies to adopt an email gateway policy which can protect against new email threats, even before anti-virus updates are available.