Sophos

1 November 2005

New BagleDl-W Trojan horse widely distributed, warns Sophos

The Trojan horse has been widely spammed across the internet.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have detected many samples of a new Trojan horse being sent via email.

The Troj/BagleDl-W Trojan horse appears to have been deliberately spammed out to email addresses around the world. Emails seen so far containing the malware have message bodies saying "Info" or "Texte" and attached files with names such as Health_and_knowledge.zip, text_sms.zip, max.zip, Business.zip and The_new_price.zip.

If the program inside the ZIP file is opened, the Trojan horse tries to connect to one of a number of websites in order to download further malicious code.

Despite the wide distribution of this malicious program, Sophos has received very few reports of active infections. Nevertheless, Sophos is advising customers to check that their anti-virus software is up to date.

"Trojan horses can turn off your anti-virus or firewall, opening you up to further attack by hackers or even old viruses that normally you would be protected against," said Graham Cluley, senior technology consultant for Sophos. "My advice is keep your anti-virus automatically updated and always be suspicious of unsolicited email attachments."

Sophos advises companies to adopt an email gateway policy which can protect against new email threats, even before anti-virus updates are available.

"This Trojan horse is aiming to take advantage of many people's reflex reaction when they receive an executable file via email: rather than not going near it, they often can't resist double-clicking on it, despite having no idea as to its safety," continued Cluley. "More companies are waking up to the benefits of stopping executable code from entering their organisation via email. Users who want to install software on their computer should be receiving it from their IT department, not from friends at other companies or potentially dangerous spam mailings."

Sophos recommends that businesses ensure their computers are kept automatically up-to-date with the very latest anti-virus software.