Mutant Bagle Trojan Shutting Down Anti-Virus Software

March 1, 2005
March 1, 2005 – (HOSTSEARCH.COM) – McAfee announced today that the Bagle Trojan has been modified and is spreading via email at a rapid rate with McAfee having received more than 100 distinct reports of the virus.

The virus is a particular threat to McAfee itself as it seeks to disable McAfee’s anti-virus software as well as Symantec’s Norton and the free AVG anti-virus software.

McAfee described the Trojan like this, “Bagle.dldr installs a file named wiwshost.exe and tries to download a file zo2.jpg from various Web sites. It also terminates security services and in some cases renames the main security program executable. Bagle.dldr modifies the file %WinDir% \system32\drivers\etc\hosts to prevent the user and any running software from contacting certain security Websites. The Trojan also disables any configured HTTP proxy.”

Top 3 Hosts From Our Search

2Pars Enterprise