- Weekly report on viruses and intrusions - Virus Alerts, by Panda Software http://www.pandasoftware.com

Madrid, July 23 2004 - This week's report on viruses and intruders looks at
four worms: the AG and AH variants of Bagle, Mydoom.M and Lovgate.AQ.

Bagle.AG and Bagle.AH are two quite similar worms that affect computers
running Windows XP, 2000 or NT. Both worms spread in email messages with
variable characteristics. To do this, they collect email addresses from a
variety of files and use their own SMTP engine to send themselves out to
these addresses.

Once installed on a computer, the two new variants of Bagle open and listen
on a TCP port waiting for a remote connection. This means that an attacker
could access the computer and take action that compromises confidentiality
or impedes normal use of the computer.

One of the most dangerous effects of both worms is their ability to
terminate processes belonging to antivirus or security programs, leaving
computers unprotected against other possible attacks.

Bagle.AG and Bagle.AH connect to certain web pages that host a PHP script
through which they can, for example, send data stolen from the infected
computers. They also delete Windows registry entries generated after an
infection by various variants of the Netsky family of worms.

The Mydoom.M worm is programmed to send itself out via email, also in
messages with variable characteristics, and through P2P file-sharing programs.

Once it has infiltrated a system, Mydoom.M installs a DLL which opens TCP
port 1042, creating a backdoor through which an attacker could access the
computer under attack. This DLL terminates processes related to antivirus
programs and system monitoring tools.

Finally, Lovgate.AQ is a worm that can open a backdoor and that uses
several means of propagation: email, the Kazaa file-sharing program, shared
network resources, etc.

Lovgate.AQ opens a communication port in the computer. It then sends an
email message to a remote user, informing them that the computer in question
has been infected and that it is accessible through an open port. The worm
also uses 'brute force' to get the password for administrator access to the
computer. Lovgate.AQ also tries to terminate processes in memory related to
infections from other worms.

For further information about these and other computer threats, visit Panda
Software's Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia

Additional information

- Backdoor: This is a means through which it is possible to control the
affected system without the user realizing.

- Dynamic Link Library (DLL): A special type of file with the extension
DLL.
© Copyright 2004 Alan Lim. All Rights Reserved