Panda Security
VIRUS ALERT
March 1, 2005
HIGH

Panda Software Reports New Bagle and Mitglieder Variants Create New Malware Wave Threatening Users

• PandaLabs has detected the appearance of six new Bagle worm variants, as well as four variants of the Mitglieder Trojan
• Mitglieder.BO is causing most global incidents and is already one of the viruses most frequently detected by Panda Software’s ActiveScan

Glendale, CA - March 01, 2005 - Panda Software Labs has detected the appearance of six variants (BN, BO, BP, BQ, BR and BS) of the Bagle email worm, as well as four variants (BO, BP, BQ and BR) of the Mitglieder Trojan. Of these, the most active at present are Bagle.BN and Mitglieder.BO. The latter is causing the more rapid increase in incidents on users’ computers around the globe, and is already one of the viruses most frequently detected by Panda ActiveScan, the free online scanner.

Bagle.BN and Mitglieder.BO work together to spread as widely as possible. Mitglieder.BO reaches computers in an email message, as an attachment that could have names like price.zip or price2.zip. If a user runs this file, the Trojan activates and tries to connect to an Internet address from which it downloads the Bagle.BN worm onto the system. Once Bagle.BN is installed on a computer, it sends Mitglieder.BO to the addresses that it finds in a file called EML.EXE, which is also downloaded from the Internet. To do this the worm uses its own SMTP engine.

Mitglieder.BO also terminates processes belonging to various antivirus and security programs, and overwrites the Windows ‘hosts’ file to prevent users from connecting to certain web pages.

“The actions of disabling security programs and opening the computer to further hack attempts point to an organized attempt to infect as many machines as possible and use them for further mischief. The creation of "bot" machines that are used to send spam has been a growing trend in the last year and looks to be continuing.

Though effective in spreading, these new variants rely on the end user opening unknown attachments and therefore prey on the least informed of the pool of computer users. This group of people are also the least likely to have adequate computer security protections in place,” explains Patrick Hinojosa, CTO, Panda Software US.

As Panda Labs has already detected increased incidents caused by the new malicious code, users are advised to take precautions and keep their antivirus software updated. Panda Software clients already have the updates available to detect and disinfect the new malicious code.

Panda Software’s clients can already access the updates for installing the new TruPrevent™ Technologies along with their antivirus protection, providing a preventive layer of protection against new malicious code. For users with a different antivirus program installed, Panda TruPrevent™ Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. More information about TruPrevent™ Technologies is available at http://www.pandasoftware.com/truprevent.

Users can also scan and disinfect their computers using Panda ActiveScan, the free online scanner available from: www.pandasoftware.com.

More information about the new variants of Bagle and Mitglieder is available from: http://www.pandasoftware.com/virus_info/encyclopedia/

About PandaLabs: On receiving a possibly infected file, Panda Software's technical staff gets right to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

For more information: http://www.pandasoftware.com/virus_info/

For more information: Alan Wallace [email protected] Tel. (818) 543-6909

Original source: panda-us-virusalert-2005-03-01-bagle_mitglieder_us.doc