Net virus can strike unseen
CanWest News Service
March 19, 2004
Just looking at your e-mail can now deliver you the nastiest of new viruses.
Five new variants of a malicious e-mail virus released overnight Thursday on the Internet break new ground in that recipients are no longer required to open attachments to infect their computers.
The new variants of the Bagle virus -- which was first discovered in January -- exploit known flaws in Microsoft's Internet Explorer, Outlook and Media Player programs to run a small hyper text language message that downloads the virus directly into the target computer.
Although Microsoft issued a patch last October to fix the flaw, it may still not be enough to prevent new variants of the Bagle virus from infecting users' computers, according to a Korean antivirus company.
Eric Kwon, chief executive officer of Global Hauri, which identified three of the variants shortly after they were released, said his staff discovered the virus is still triggered if users try to save the message on computers that have already been patched with the Microsoft fix.
"We found that even a patched computer is still vulnerable if someone tries to save the message," Kwon said.
"This means people are going to have to change the way they send messages to one another."
In the past, viruses could be spread only by users opening e-mail attachments which would then trigger self-propagating "worm" programs embedded in the attachments.
But the new variants carry a web-based URL or hyper text message in the body of the e-mail that triggers the computer to secretly download a copy of the worm from already infected computers.
It also turns off some security and anti-virus programs, and even disables firewalls, according to Chris Belthoff, senior security analyst with Sophos, an antivirus and anti-spam company with offices in Vancouver.
"This is a pretty serious new twist, in that most people have learned not to open e-mails that have attachments they aren't expecting," Belthoff said from Sophos's lab in Boston, Mass.