Sunday, July 18, 2004

 - Panda Software warns of the dangerous new Bagle.AF worm -  
 
Virus Alerts, by Panda Software (http://www.pandasoftware.com)
 
Madrid, July 16 2004 - PandaLabs has detected the presence of Bagle.AF, anew and dangerous variant of the well-known Bagle virus. Incidents involvingthis new variant have already been reported.Bagle.AF reaches computers in an email message with highly variablecharacteristics.
 
The address of the sender is false and the message text, inHTML format, includes messages like "Read the attach", "Your file isattached" or "More info is in attach", among others.
 
The attached file, which includes the worm's code, may come under many names including "Information", "Details" or "text_document", and could have an.exe .scr, .com, or .cpl extension.
 
Sometimes, this attachment could arrive in a password protected Zip file. In these cases, the message also includesthe text: "For security reasons attached file is password protected. Thepassword is: XXXXX" (X is a random number).
 
More details of the messages that Bagle.AF uses are available from PandaSoftware's virus Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/
 
If a user runs the file, the worm will send itself out to all addresses itfinds in files with certain extensions on the computer. To do this, Bagle.AFuses its own SMTP engine.
 
In addition, Bagle.AF copies itself -under variousnames- to shared directories for P2P programs like Kazaa or Morpheus.
 
Bagle.AF terminates memory processes belonging to many antivirus andsecurity programs, leaving the computer vulnerable to further attacks.
 
The worm also tries to connect to several web pages in order to send outinformation about the infected computer.
 
Finally, Bagle.AF creates a Windowsregistry entry to make sure it runs every time the system is started up.
 
To prevent incidents involving Bagle.AF, Panda Software advises users totake precautions and update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect anddisinfect this new malicious code.
 
For further information about Bagle.AF and other computer threats, visitPanda Software's Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/encyclopedia/
 
In addition, users can scan their computers online for free with theActiveScan solution, available on the company's web page at: http://www.pandasoftware.com
 
NOTE: The addresses above may not show up on your screen as single lines.This would prevent you from using the links to access the web pages. If thishappens, just use the 'cut' and 'paste' options to join the pieces of theURL.