Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Threat Advisory" McAfee AVERT Raises Risk Assessment to Medium on New W32/Bagle.DLDR

  • 02 March, 2005 13:03

<p>McAfee AVERT Raises Risk Assessment Based on Prevalence</p>
<p>SYDNEY, March 2, 2005—McAfee, Inc., the pioneer and worldwide leader of intrusion prevention solutions, today announced that McAfee AVERT (Anti-virus and Vulnerability Emergency Response Team), the world-class research division of McAfee, Inc., raised the risk assessment to Medium on the W32/Bagle.dldr Trojan, also known as Bagle.dldr. New variants were reported to McAfee AVERT researchers this morning and to date, McAfee AVERT has received more than 100 distinct reports of these variants in the wild.</p>
<p>Threat Overview
Bagle.dldr is not a mass mailing threat by itself, but a downloader that tries to access files from the Internet and attempts to disable a range of anti-virus and security tools. The Trojan has been used by other bagle variants, including, Bagle.bc and</p>
<p>Threat Pathology</p>
<p>After being executed, Bagle.dldr copies itself into the Windows System directory and adds the following registry hooks:</p>
CurrentVersion\Run "winshost.exe" = %WinDir% \system32\winshost.exe</p>
CurrentVersion\Run "winshost.exe" = %WinDir% \system32\winshost.exe</p>
<p>Bagle.dldr proceeds to drop a file named wiwshost.exe and tries to download a file zo2.jpg from various Web sites. It also terminates security services and in some cases renames the main security program executable. Bagle.dldr modifies the file %WinDir% \system32\drivers\etc\hosts to prevent the user and any running software from contacting certain security Websites. The Trojan also disables any configured HTTP proxy.</p>
<p>When outgoing TCP connections to port 80 (HTTP) are established, Bagle.dldr tries to download files from a very large list of sites—many of these sites may be decoys as they have not been found to host the file being requested.</p>
<p>System Protection and Cure</p>
<p>More information on Bagle.dldr and cure for this downloader Trojan can be found online at the McAfee AVERT site located at McAfee AVERT is advising its customers to update to the 4404 DATs to stay protected from these variants of the threat.</p>
<p>McAfee AVERT Labs is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing researchers in fourteen countries on five continents. McAfee AVERT combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield and McAfee Entercept organisations, two research arms that were acquired through IntruVert Networks and Entercept Security. McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.</p>
<p>About McAfee, Inc.</p>
<p>McAfee, Inc., headquartered in Santa Clara, Calif., a worldwide leader in Intrusion Prevention and Risk Management solutions, delivers proven security products and services to help customers effectively balance the competing priorities between business needs and security requirements. McAfee applies profound security expertise toward helping companies, government agencies and consumers block attacks, prevent disruptions, and continuously track and improve the security of their systems and networks. For More information, McAfee, Inc. can be reached at + 61 2 972-963-8000 or</p>
<p># # #</p>
<p>NOTE: McAfee, AVERT, IntruShield, Entercept and Foundstone are either registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. The colour Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. ©2005 McAfee, Inc. All Rights Reserved.</p>
<p>For media enquiries, please contact:</p>
<p>Natalie Connor</p>
<p>Tel: +61 (0)2 9956 5733</p>

Most Popular



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Join the newsletter!

Error: Please check your email address.

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?