Following on from our report yesterday on the Bagle virus, the threat is still on the increase.
Graham Cluley, Senior Technology Consultant for Sophos, said:
"Computer users should be wary of any programs delivered by email even if they seem to come from a known contact. If you email programs around, you should get out of this habit now, as it encourages bad security practice."
The Bagle virus copies itself to bbeagle.exe in the Windows system folder and sets the following registry entry to ensure the worm is run at logon:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe
The worm also sets the following registry entries:
HKCU\Software\Windows98\uid
HKCU\Software\Windows98\frun
Bagle will not activate if the system date is 28 January 2004 or later.
Should you be unlucky enough to get infected with Bagle, Sophos have released some utilities and instructions on how to clean infected machines.
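The file and registry traces listed above can be checked offline against a `reg export` dump of HKCU and a listing of the Windows system folder. The following is an added example, not code from Sophos or from the original report; the function names and the sample export and listing (including the value data shown) are constructed for illustration.

```python
import re

# Indicators taken from the article: (registry key, value name).
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "d3dupdate.exe"),
    (r"HKEY_CURRENT_USER\Software\Windows98", "uid"),
    (r"HKEY_CURRENT_USER\Software\Windows98", "frun"),
]
DROPPED_FILE = "bbeagle.exe"  # copy the worm places in the Windows system folder

def parse_reg_export(text):
    """Parse .reg export text into {key_lower: {value_name_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_bagle_traces(reg_text, system_dir_listing):
    """Return a list of the article's indicators found in the supplied data."""
    keys = parse_reg_export(reg_text)
    hits = []
    for key, name in INDICATORS:
        # Registry key and value names are case-insensitive on Windows.
        if name.lower() in keys.get(key.lower(), {}):
            hits.append(f"registry: {key}\\{name}")
    for fname in system_dir_listing:
        if fname.lower() == DROPPED_FILE:
            hits.append(f"file: {fname}")
    return hits

# Constructed sample data (not captured from a real infection).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"d3dupdate.exe"="C:\\WINDOWS\\system32\\bbeagle.exe"

[HKEY_CURRENT_USER\Software\Windows98]
"uid"="0"
"frun"=dword:00000001
'''
SAMPLE_SYSTEM_DIR = ["kernel32.dll", "BBEAGLE.EXE", "notepad.exe"]

if __name__ == "__main__":
    for hit in find_bagle_traces(SAMPLE_REG, SAMPLE_SYSTEM_DIR):
        print(hit)
```

Because the worm stops activating on 28 January 2004, these traces can remain on a machine where it is no longer running, so a hit indicates a past infection that still needs cleaning.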