Menu
Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Sophos Warns of New Bagle Threat

  • 18 March, 2004 19:48

<p>FOR IMMEDIATE RELEASE
Sydney, 18 March 2004</p>
<p>Sophos, a world leader in corporate anti-virus and anti-spam protection, is warning of a new twist in the Bagle virus saga. The new variant, W32/Bagle-Q, uses a different method of infection in an attempt to bypass anti-virus protection at the email gateway.</p>
<p>W32/Bagle-Q spreads via a "carrier" email which does not itself contain the virus as an attachment. When you open a "carrier" email, it attempts to exploit a vulnerability in Outlook which automatically downloads W32/Bagle-Q from the PC which sent you the "carrier" email.</p>
<p>The "carrier" email downloads and launches a Visual Basic script. This script downloads W32/Bagle-Q via an HTTP (web) request to TCP port 81 on the sender's PC. The downloaded copy of W32/Bagle-Q is placed into your system folder with the name directs.exe.</p>
<p>W32/Bagle-Q loads on your PC and terminates a wide range of security applications. It also makes multiple copies of itself into folders which are likely to be part of a file-sharing network, as well infecting programs on your PC by appending itself to existing EXE files (this is called "parasitic virus infection").</p>
<p>Sophos has published an identity to allow Sophos Anti-Virus to detect and disinfect this virus: http://www.sophos.com/virusinfo/analyses/w32bagleq.html</p>
<p>Sophos also recommends the following precautions against W32/Bagle-Q:</p>
<p>* Get and apply the latest Internet Explorer/Outlook Express patches from Microsoft. This prevents the automatic download of the virus.</p>
<p>* Disallow connections to TCP port 81 through your network firewall. Blocking outbound port 81 connections stops computers on your network from downloading the worm from outside. Blocking inbound port 81 connections means that even if you do get infected you will not pass the virus on to others.</p>
<p>Notes for Editors.</p>
<p>About Sophos.
Sophos is a world leading specialist developer of anti-virus and anti-spam software. Sophos is headquartered in the UK and protects all types of organisations, including small- to medium-sized businesses, large corporations, banks, governments and educational institutions against viruses and spam. The company is acclaimed for delivering the highest level of customer satisfaction and protection in the industry. Sophos's products, backed by 24 hour support are sold and supported in more than 150 countries.</p>
<p>Sophos's regional head office for Australia and New Zealand is in Sydney and hosts one of the company's three Computer Virus Research and Development Laboratories to provide global support services.</p>
<p>http://www.sophos.com.au</p>
<p>FOR FURTHER INFORMATION:
Paul Ducklin (duck@sophos.com) is available for comment:
+61 0407 320 515 (mob)
+61 2 9409 9100 (tel)
+61 2 9409 9191 (fax)</p>
<p>Sophos's press contact at Gotley Nix Evans is:
Michael Henderson (sophos@gne.com.au)
+61 2 9957 5555 (tel)
+61 413 054 738 (mobile)
+61 2 9957 5575 (fax)</p>

Most Popular

Market Place