Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

F-Secure Warns on the outbreaks caused by a "Virus Weekend"

  • 02 March, 2004 15:58

<p>As an Australian Distributor for F-Secure for over 8 years, Open Systems Australia would like to provide you with the following news release.</p>
<p>F-Secure Warns on the outbreaks caused by a "Virus Weekend"
Two new versions of Netsky and five new versions of Bagle found since Friday</p>
<p>Virus writers have been busy over the last days, with two new variants of the
Netsky worm and five new variants of the Bagle worm found since Friday the
27th of February. Out of these worms, Netsky.D - found on Monday the 1st of
March - is the most widespread.</p>
<p>The Netsky virus family consists of fairly simple Windows worms, which spread
over email. Apart from spreading aggressively by sending infected PIF
attachments around they do very little. The only unusual feature is that
Netsky.D will start to play a loop of random beeps from the PC speaker on the
morning of Tuesday the 2nd of March.</p>
<p>"We believe the reason for Netsky.D spreading so fast is because it was
apparently spammed to a large amount of email addresses during Monday", says
Mikko Hypponen, Director of Anti-Virus Research at F-Secure. "If it continues
spreading at these levels it might go on to break the previous records set by
Mydoom.A and Sobig.F", he continues.</p>
<p>F-Secure raised Netsky.D to F-Secure Radar Level 1 Alert during Monday. Level
1 is the highest alert level.</p>
<p>All the new Bagle variants known as Bagle.C, .D, .E, .F and .G were found
during the weekend. The original Bagle.A (also known as Beagle) is a Windows
email worm that was first discovered on January 18th, 2004, and became
globally widespread in just 24 hours.</p>
<p>All the five new versions of Bagle seem to be written by the same virus
author. "It seems the writer is waging a virus war", says Hypponen.
"Apparently he has been monitoring closely how quickly the antivirus vendors
have released detections, then made the necessary alterations to avoid
detection and released new versions immediately", he continues.</p>
<p>F-Secure raised Bagles to F-Secure Radar Level 2 Alert during the weekend.</p>
<p>Bagle.F and .G have an interesting feature in them. Both of them send
infected files inside ZIP archives encrypted with a password that is
mentioned in the email message. The ZIP itself is variable, as the EXE inside
has a random part in it. Most probably the virus this way tries to bypass
detection of gateway and server scanners, which might not be able to decrypt
such archives.</p>
<p>In addition to this feature, Bagle.F uses deceiving icons for the infected
attachments that look like folders, and thus may seem harmless to the end
<p>Pictures of the Bagle folder icons can be seen in the F-Secure Weblog, which
follows developments on these new viruses. Also a recording of the beep sound
loop played by Netsky.D can be downloaded from the weblog which is available
<p>F-Secure Anti-Virus can detect and remove all the new Netsky and Bagle
variants. F-Secure Anti-Virus can be downloaded from</p>
<p>F-Secure has also released free tools, which can be used to remove Bagle or
Netsky from infected systems. The tools can be downloaded through the
F-Secure Virus Information Center at</p>
<p>About F-Secure</p>
<p>F-Secure Corporation protects individuals and businesses against computer
viruses and other threats coming through the Internet or mobile networks. Our
award-winning solutions include antivirus, desktop firewall with intrusion
prevention and network encryption. Our key strength is the speed of response
to new threats and for businesses our solutions feature centralized
management. Founded in 1988, F-Secure has been listed on the Helsinki
Exchanges since 1999. We have our headquarters in Helsinki, Finland, and
offices in USA, France, Germany, Sweden, the United Kingdom and Japan.
F-Secure is supported by a global ecosystem of value added resellers and
distributors in over 50 countries. F-Secure protection is also available
through major Internet Service Providers, such as Deutsche Telekom and
leading mobile equipment manufacturers, such as Nokia.</p>
<p>About Open Systems Australia</p>
<p>Open Systems Australia, a Canberra based company, was founded 13 years ago with the aim of providing high-end security, computing and data networking solutions for Fortune-500 Corporations, Federal and State Government Departments, Australia-wide.
This has developed into an extensive distribution business servicing over 2000 resellers Australia wide. Open Systems Australia has the in-house project management and technical / engineering capabilities to undertake virtually any I.T. project, anywhere in the Pacific region.</p>
<p>For further information please contact:</p>
<p>Sarah Hawkins
Marketing Manager
Open Systems Australia
02 6261 4900</p>

Most Popular