Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Threat Advisory: McAfee AVERT Raises Risk Assessment to Medium on New W32/Bagle.DLDR

  • 02 March, 2005 13:03

<p>McAfee AVERT Raises Risk Assessment Based on Prevalence</p>
<p>SYDNEY, March 2, 2005—McAfee, Inc., the pioneer and worldwide leader of intrusion prevention solutions, today announced that McAfee AVERT (Anti-virus and Vulnerability Emergency Response Team), the world-class research division of McAfee, Inc., raised the risk assessment to Medium on the W32/Bagle.dldr Trojan, also known as Bagle.dldr. New variants were reported to McAfee AVERT researchers this morning and to date, McAfee AVERT has received more than 100 distinct reports of these variants in the wild.</p>
<p>Threat Overview</p>
<p>Bagle.dldr is not a mass-mailing threat by itself, but a downloader that tries to fetch files from the Internet and attempts to disable a range of anti-virus and security tools. The Trojan has been used by other Bagle variants, including Bagle.bb, Bagle.bc and Bagle.bd.</p>
<p>Threat Pathology</p>
<p>After being executed, Bagle.dldr copies itself into the Windows System directory and adds the following registry key and autostart values:</p>
<p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager</p>
<p>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winshost.exe" = %WinDir%\system32\winshost.exe</p>
<p>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "winshost.exe" = %WinDir%\system32\winshost.exe</p>
<p>Bagle.dldr proceeds to drop a file named wiwshost.exe and tries to download a file zo2.jpg from various Web sites. It also terminates security services and in some cases renames the main security program executable. Bagle.dldr modifies the file %WinDir%\system32\drivers\etc\hosts to prevent the user and any running software from contacting certain security Web sites. The Trojan also disables any configured HTTP proxy.</p>
<p>When outgoing TCP connections to port 80 (HTTP) are established, Bagle.dldr tries to download files from a very large list of sites—many of these sites may be decoys as they have not been found to host the file being requested.</p>
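<p>The indicators listed above (the winshost.exe Run values, the dropped winshost.exe and wiwshost.exe files, and the tampered hosts file) translate directly into a host triage check. The following Python script is an added example and is not McAfee code: the registry value name and the file names come from this advisory, while the list of security-vendor domains it watches for in the hosts file is an assumption, because the advisory does not name the sites Bagle.dldr blocks. On Windows it reads the live Run keys, hosts file and system32 listing; elsewhere it runs against a constructed sample.</p>

```python
# Host triage for the Bagle.dldr indicators in the advisory above.
# Added example, not McAfee code. RUN_VALUE_NAME, DROPPED_FILES and the
# hosts-file tampering come from the advisory; WATCHED_DOMAINS is an
# assumption, since the advisory only says "certain security Web sites".
import os
import sys

RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)
RUN_VALUE_NAME = "winshost.exe"                   # autostart value from the advisory
DROPPED_FILES = {"winshost.exe", "wiwshost.exe"}  # file names from the advisory
WATCHED_DOMAINS = ("mcafee.com", "nai.com", "symantec.com", "sophos.com",
                   "kaspersky.com", "trendmicro.com", "windowsupdate.com")  # assumed


def _under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_run_values(run_values):
    """run_values: {value_name: data} read from one Run key.
    Flags the winshost.exe autostart and any command referencing a dropped file."""
    hits = []
    for name, data in run_values.items():
        data_l = str(data).lower()
        if name.lower() == RUN_VALUE_NAME or any(f in data_l for f in DROPPED_FILES):
            hits.append((name, data))
    return hits


def check_hosts(hosts_text):
    """Return (line_no, ip, hostname) for each hosts entry pinning a watched
    domain. The address is ignored on purpose: a 127.0.0.1 blackhole and a
    redirect to an attacker-chosen host are both tampering."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for host in names:
            if any(_under(host, d) for d in WATCHED_DOMAINS):
                hits.append((line_no, ip, host))
    return hits


def check_dropped_files(system32_listing):
    """system32_listing: iterable of file names found in %WinDir%\\system32."""
    return sorted(f for f in system32_listing if f.lower() in DROPPED_FILES)


def triage(run_values_by_key, hosts_text, system32_listing):
    """Run all three checks; every section is empty on a clean host."""
    run_hits = {}
    for key, values in run_values_by_key.items():
        hits = check_run_values(values)
        if hits:
            run_hits[key] = hits
    return {"run_values": run_hits,
            "hosts": check_hosts(hosts_text),
            "dropped_files": check_dropped_files(system32_listing)}


def collect_live():
    """Read the real Run keys, hosts file and system32 listing on Windows;
    returns None elsewhere so the constructed sample is used instead."""
    if sys.platform != "win32":
        return None
    import winreg
    hives = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}
    run_values = {}
    for key_path in RUN_KEYS:
        hive, sub = key_path.split("\\", 1)
        values = {}
        try:
            with winreg.OpenKey(hives[hive], sub) as k:
                for i in range(winreg.QueryInfoKey(k)[1]):   # [1] = value count
                    name, data, _ = winreg.EnumValue(k, i)
                    values[name] = data
        except OSError:
            pass                                   # key absent or not readable
        run_values[key_path] = values
    windir = os.environ.get("SystemRoot", r"C:\Windows")
    with open(os.path.join(windir, "system32", "drivers", "etc", "hosts"),
              errors="replace") as fh:
        hosts = fh.read()
    return run_values, hosts, os.listdir(os.path.join(windir, "system32"))


# Constructed sample input (not a real capture) mirroring the advisory's indicators.
SAMPLE_RUN = {
    RUN_KEYS[0]: {"winshost.exe": r"C:\WINDOWS\system32\winshost.exe",
                  "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"},
    RUN_KEYS[1]: {},
}
SAMPLE_HOSTS = ("127.0.0.1 localhost\n"
                "127.0.0.1 www.mcafee.com\n"
                "127.0.0.1 vil.nai.com   # blocks the AVERT site\n")
SAMPLE_SYSTEM32 = ["kernel32.dll", "winshost.exe", "wiwshost.exe", "ctfmon.exe"]

if __name__ == "__main__":
    live = collect_live()
    report = triage(*live) if live else triage(SAMPLE_RUN, SAMPLE_HOSTS, SAMPLE_SYSTEM32)
    for section, hits in report.items():
        print(f"{section}: {hits}")
```

<p>Run it as the logged-on user to see that user's HKEY_CURRENT_USER Run key and as an administrator to be sure HKEY_LOCAL_MACHINE is readable; a clean host prints an empty list for every section. Because the hosts check does not care which address a watched domain is mapped to, it also catches a redirect to a decoy and not only the usual 127.0.0.1 blackhole, and a hit there is worth treating as tampering even when the winshost.exe value has already been cleaned up.</p>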
<p>System Protection and Cure</p>
<p>More information on Bagle.dldr and cure for this downloader Trojan can be found online at the McAfee AVERT site located at http://vil.nai.com/vil/content/v_129512.htm. McAfee AVERT is advising its customers to update to the 4404 DATs to stay protected from these variants of the threat.</p>
<p>McAfee AVERT Labs is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing researchers in fourteen countries on five continents. McAfee AVERT combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield and McAfee Entercept organisations, two research arms that were acquired through IntruVert Networks and Entercept Security. McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.</p>
<p>About McAfee, Inc.</p>
<p>McAfee, Inc., headquartered in Santa Clara, Calif., a worldwide leader in Intrusion Prevention and Risk Management solutions, delivers proven security products and services to help customers effectively balance the competing priorities between business needs and security requirements. McAfee applies profound security expertise toward helping companies, government agencies and consumers block attacks, prevent disruptions, and continuously track and improve the security of their systems and networks. For more information, McAfee, Inc. can be reached at + 61 2 972-963-8000 or www.mcafee.com.</p>
<p># # #</p>
<p>NOTE: McAfee, AVERT, IntruShield, Entercept and Foundstone are either registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. The colour Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. ©2005 McAfee, Inc. All Rights Reserved.</p>
<p>For media enquiries, please contact:</p>
<p>Natalie Connor</p>
<p>Tel: +61 (0)2 9956 5733</p>
<p>E-mail: natalie.connor@text100.com.au</p>
