20 September 2005

Second wave of attack: new Bagle Trojans spammed out today, Sophos reports

Second wave of Bagle Trojan horse attacks spammed to millions of email addresses.

SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned that for the second day running a hacker is spamming multiple new versions of the Troj/BagleDl-U Trojan horse to millions of email addresses around the world.

The attacks spread across the net between 15:00 and 22:00 (GMT) yesterday, and a new phase began at approximately the same time today. All of the different versions of the Trojan horse attempt to turn off anti-virus and security software and block access to security websites, with the aim of allowing hackers to gain access to infected computers.

The latest series of malicious messages have strong similarities to yesterday's onslaught: the subject line is blank, the body message text is 'new price', and the malicious file attached can be identified with names such as '09_price.zip', 'price_new.zip', and 'price2.zip'.

"This is the second massive email attack phase from this hacker in two days - the creator is obviously intent on infecting as many people as possible," said Carole Theriault, senior security consultant at Sophos. "All computer users should avoid opening unsolicited email attachments, and ensure that their anti-virus protection is up to date. Businesses should also consider blocking all executable code from entering their networks via email - most companies have no need to receive computer programs via this route, and it dramatically reduces the risk of infection".

Sophos is currently protecting its customers against these new threats.
