Wave of Trojans Slamming the Internet

A flood of spam-borne Trojans are washing over the Internet today. BagleDl-L downloads code and tampers with security software.

By  Sharon Gaudin | Mar 1, 2005
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
A wave of Trojan horses, traveling through email, are slamming the Internet.

The Trojan BagleDl-L appears to have been deliberately spammed out to email addresses around the world, according to analysts at Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass. Most of the email samples seen so far include a ZIP attachment which, if opened, tries to connect to one of a number of Websites in order to download more malicious code.

At deadline, none of these Websites appeared to contain anything malicious.

The malware also goes after security software on the infected computers.

BagleDl-L tries to stop various security applications, such as anti-virus and firewall software. It renames files belonging to security applications, so they can no longer load. It also blocks access to a range of security-related Websites by changing the Windows HOSTS file.

''Any Trojan horse which turns off your anti-virus or firewall can open you up to further attack, even by very old viruses,'' says Graham Cluley, senior technology consultant for Sophos. ''My advice is to keep your anti-virus automatically updated and always be suspicious of unsolicited email attachments.''

Ken Dunham, director of Malicious Code at iDefense, says they have discovered five unique codes being heavily spammed into the wild. The attack, he says, started Monday evening and is ongoing.

The malware does require user interaction, but Dunham notes that, despite user education, it still is a highly effective method of spreading malicious code.

''Wave attacks are becoming increasingly common,'' says Dunham. ''Multiple minor variants are rapidly seeded into the wild to help the overall success of the attack... Hackers have been testing their code prior to the attack to ensure that certain anti-virus products do not detect the new minor variants. Hackers have become increasingly sophisticated and organized in what they are doing in an attempt to steal sensitive information or gain control over many computers.''

Article courtesy of eSecurityPlanet.com

sgaudin@internet.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >