BagleDI-L disables security applications


In the past few hours, security companies have issued a medium-risk warning for a new variant of Bagle, called DI-L. Unlike other mutations of the virus, this is not a fast-spreading, highly dangerous variant but a Trojan horse that tries to disable the security applications installed on a system, leaving it vulnerable to several types of attack.

BagleDI-L also tries to connect to several sites, as some previous versions did, in order to download files that, at least for now, do not contain malicious code.

According to McAfee, the variant, which had already been identified in January, has been reevaluated and is now considered medium risk because of how persistently it has been observed in the last few hours. BagleDI-L is sent via spam lists and tries to disable the user's virus protection systems, the security company's website explains.

It should be noted, however, that the Trojan horse is only activated if the affected user opens the zip file attached to the received message, a doc_01.exe.

Unlike a mass-spreading virus, BagleDI-L does not self-distribute, so security companies can identify the sites it is trying to connect to, and it also does not contain malicious code. Given this, the reclassification of the variant is due solely to the high number of messages detected with those characteristics.

However, companies warn that in previous cases other variants of the virus also initially pointed to sites without malicious code, which was added later.

In Portugal, to date, the virus has had no significant effect on Internet performance, António de Sousa, Marketware's technical director, confirmed to TeK.

The company, which monitors a performance index across 30 of the largest companies with an Internet presence in Portugal, says that in the last 48 hours there have been no significant changes that could be related to the new variant.
