New Improved Bagle Worm Win32.Glieder! Now with Win32.Fantibag and Win32.Mitglieder

Not content to just do its normal wormly dirty work, a new variation on the infamous Bagle worm, Win32.Glieder, brings with it two companion Trojans, Win32.Fantibag and Win32.Mitglieder (literally, in German, “with Glieder”).

Said Chris Thomas, a security architect with Computer Associates, “We’ve seen blended threats before where a virus uses several methods to spread, but not like this.”

In fact, this version of Bagle is so different that it warranted a brand new name of its own, the “Glieder” designation.

Win32.Glieder starts out like any other worm – mass-emailing itself to everyone on its host’s address book list. But then the tagalong Trojan Win32.Fantibag disables the host computer’s antivirus software update mechanism, and the second tagalong Trojan, Win32.Mitglieder, disables any firewalls and antivirus software that it can, and, according to TechNewsWorld, hijacks and subjugates the infected machine, making it part of an ever-expanding botnet. A botnet, in this context, is a collection of compromised PCs connected to the Internet which are used remotely by spammers and others to send spam, launch denial of service attacks, and carry out other malicious Internet-related activities.

Win32.Glieder may, but does not necessarily, show up as an email attachment called “price.zip”.

To protect yourself against Win32.Glieder, make sure that your anti-virus software is up-to-date and that your latest update includes a definition for Win32.Glieder. And of course never, never open an unexpected or unfamiliar attachment.

One thought on “New Improved Bagle Worm Win32.Glieder! Now with Win32.Fantibag and Win32.Mitglieder”

  1. Have the A/V companies only JUST realised this is in the wild?!?! I’ve spent countless hours over the last 3 months cleaning up exactly this infection. What’s worse (for a computer tech) is that it typically requires rebuilding the infected machine after the infection, because even removing the cause doesn’t repair all the collateral damage this beastie does to its host machine.
