A wave of Trojan horses, traveling through email, are slamming the
The Trojan BagleDl-L appears to have been deliberately spammed out to
email addresses around the world, according to analysts at Sophos, Inc.,
an anti-virus and anti-spam company with U.S. headquarters in Lynnfield,
Mass. Most of the email samples seen so far include a ZIP attachment
which, if opened, tries to connect to one of a number of Websites in
order to download more malicious code.
At deadline, none of these Websites appeared to contain anything
The malware also goes after security software on the infected computers.
BagleDl-L tries to stop various security applications, such as anti-virus
and firewall software. It renames files belonging to security
applications, so they can no longer load. It also blocks access to a
range of security-related Websites by changing the Windows HOSTS file.
”Any Trojan horse which turns off your anti-virus or firewall can open
you up to further attack, even by very old viruses,” says Graham Cluley,
senior technology consultant for Sophos. ”My advice is to keep your
anti-virus automatically updated and always be suspicious of unsolicited
Ken Dunham, director of Malicious Code at iDefense, says they have
discovered five unique codes being heavily spammed into the wild. The
attack, he says, started Monday evening and is ongoing.
The malware does require user interaction, but Dunham notes that, despite
user education, it still is a highly effective method of spreading
”Wave attacks are becoming increasingly common,” says Dunham.
”Multiple minor variants are rapidly seeded into the wild to help the
overall success of the attack… Hackers have been testing their code
prior to the attack to ensure that certain anti-virus products do not
detect the new minor variants. Hackers have become increasingly
sophisticated and organized in what they are doing in an attempt to steal
sensitive information or gain control over many computers.”