After a couple of weeks of sparring, the Netsky vs. Bagle war has slowed down, though the latest Bagle.N/M variety has turned nastier. Several new Netsky variants (Netsky.K, Netsky.L, Netsky.M) emerged, but had relatively low impact. Netsky.B and Netsky.D are still topping the threat lists, especially due to their human engineering.
Over the weekend, Bagle made a new appearance with Bagle.M and Bagle.N. Like previous varieties of Bagle, also known as Beagle, the virulent e-mail attachment is a compressed file.
Bagle.N differs from earlier versions in two ways: it has a longer list of existing security programs to terminate, and it infects existing .exe files. Because Bagle.N infects .EXE files that may have to be quarantined or deleted, it is more important than ever to have a full system backup (of your clean system).
The past wisdom of not opening attachments from strangers moved to “don't open attachments from friends either” with the explosion of “From” address spoofing. The most current wisdom is to ignore e-mail attachments from the system administrator, friends, strangers, and pretty much anyone else. If you send attachments between friends or relatives, arrange a special pass phrase, or a personal comment that a worm wouldn't be spoofing, to flag authentic mail.
Most of the new worms are now putting their virus executables in zip files that come with and without password protection. Since several antivirus products do not scan zipped attachments, this can allow viruses to get in. Most will catch the virus when it is executed, but sometimes that can be too late. Hopefully antivirus vendors will get the message and turn on “scan all files”, but in the meantime, check your AV settings. If it isn't already, enable “scan all files” and “scan compressed files” in your antivirus configuration.
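A mail filter can triage zipped attachments without decrypting them, because standard ZIP encryption leaves member names and the per-file encryption flag readable in the archive's directory. The Python below is an added example, not part of the original newsletter; the function names, the extension list and the verdict labels are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Extensions treated as executable content (assumed list for this example).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def triage_zip(data: bytes) -> dict:
    """Classify a zip attachment from its directory, without extracting it."""
    result = {"valid": True, "encrypted": [], "executables": [], "verdict": "allow"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result.update(valid=False, verdict="quarantine")
        return result
    with zf:
        for info in zf.infolist():
            # Bit 0 of the general-purpose flags marks a password-protected member.
            if info.flag_bits & 0x1:
                result["encrypted"].append(info.filename)
            if info.filename.lower().endswith(RISKY_EXT):
                result["executables"].append(info.filename)
    if result["executables"]:
        result["verdict"] = "quarantine"   # executable inside, encrypted or not
    elif result["encrypted"]:
        result["verdict"] = "hold"         # contents cannot be scanned
    return result

def make_sample(name: str, payload: bytes, encrypted: bool = False) -> bytes:
    """Build a constructed one-member archive for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption flag in the central directory entry by hand;
        # the payload stays harmless placeholder bytes.
        cd = raw.rfind(b"PK\x01\x02")
        raw[cd + 8] |= 0x01
    return bytes(raw)

if __name__ == "__main__":
    for name, enc in [("document.exe", True), ("notes.txt", True), ("notes.txt", False)]:
        print(name, enc, triage_zip(make_sample(name, b"constructed placeholder", enc)))
```

A "hold" verdict is the case the paragraph warns about: the archive is password protected, so a scanner cannot inspect what is inside until someone supplies the password.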
Many users are getting into a regimen of running a spyware scanner in addition to their antivirus. Even with wider coverage of antivirus programs, it is still a good idea to run a dedicated spyware scanner like Ad-Aware or SpyBot S&D to find and remove files and registry entries for spyware, adware and malware (like dialers). Unfortunately, removal can sometimes break your Internet connection. This week's tip points you to resources that will let you fix those broken connections.
Microsoft announced three new vulnerabilities and security updates this week. At first none were rated more than moderate, but one day after release, Microsoft upped their rating on MS04-009. For more information see our Security Updates section.
Quick Tip: An out-of-date antivirus can let in an infection but still attempt to stop outgoing e-mail. Unfortunately, it can become a whack-a-mole effort closing dialogs, depending on the antivirus. If this happens, unplug your modem or Internet connection to stop the dialogs and reboot into safe mode. While rebooting, plug your connection back in so you can get to an online scanner or an update.