New Improved Bagle Worm Win32.Glieder! Now with Win32.Fantibag and Win32.Mitglieder

The Internet Patrol - Patrolling the Internet for You

Not content to just do its normal wormly dirty work, a new variation on the infamous Bagle worm, Win32.Glieder, brings with it two companion Trojans, Win32.Fantibag and Win32.Mitglieder (literally, in German, “with Glieder”).

Said Chris Thomas, a security architect with Computer Associates, “We’ve seen blended threats before where a virus uses several methods to spread, but not like this.”


In fact, this version of Bagle is so different that it warranted a brand new name of its own, the “Glieder” designation.

Win32.Glieder starts out like any other worm – mass-emailing itself to everyone in its host’s address book. But then the tagalong Trojan Win32.Fantibag disables the host computer’s antivirus software update mechanism, and the second tagalong Trojan, Win32.Mitglieder, disables any firewalls and antivirus software that it can and, according to TechNewsWorld, hijacks and subjugates the infected machine, making it part of an ever-expanding botnet. A botnet, in this context, is a collection of compromised PCs connected to the Internet which are used remotely by spammers and others to send spam, launch denial of service attacks, and carry out other malicious Internet-related activities.

Win32.Glieder may, but does not necessarily, show up as an email attachment called “price.zip”.


To protect yourself against Win32.Glieder, make sure that your anti-virus software is up-to-date and that your latest update includes a definition for Win32.Glieder. And of course never, never open an unexpected or unfamiliar attachment.


One thought on “New Improved Bagle Worm Win32.Glieder! Now with Win32.Fantibag and Win32.Mitglieder”

  1. Have the A/V companies only JUST realised this is in the wild?!?! I’ve spent countless hours over the last 3 months cleaning up exactly this infection. What’s worse (for a computer tech) is that it typically requires rebuilding the infected machine after the infection, because even removing the cause doesn’t repair all the collateral damage this beastie does to its host machine.
