Viruses & Malware

Anti-virus experts at Sophos have identified a new Trojan horse which attempts to send spam messages to mobile phone users.

The Troj/Delf-HA Trojan horse downloads instructions on which spam campaign to run from a Russian website, and can plague owners of cellphones by sending them unsolicited junk SMS text messages.

The Trojan horse sends spam SMS messages by using the "Send a text message" facility found on the websites of several Russian mobile phone network providers.

Emails claiming to contain video clips of terrorist mastermind Osama bin Laden are likely to be example of a new computer worm. The Famus-F worm normally arrives in the form of a bilingual English and Spanish email, with the subject line "More terrorism this year". The message body states: "Last speech from Bin Laden. Please forwards this video to everybody." and includes a password - "cnn". If executed, the worm attempts to forward itself to email addresses found on infected computers. It also drops a number of files onto the hard drive.

Earlier this year Microsoft released a major security update for Windows XP, which was designed to strengthen the operating system’s defences against attack from viruses and hackers. One major part of the update was an improved version of its firewall software.

Graham Cluley, senior technology consultant at antivirus firm Sophos, said the latest Bagle variants are designed to attack and disable Microsoft’s new firewall application.

IT security experts have warned that a newly intercepted mutant of the infamous mass-mailing Bagle worm, dubbed Bagle.bb, has begun to spread rapidly across the internet.

Over one million email infections were reported within a few hours of the virus being discovered in the wild on Friday morning. The peak infection rate was between 8am and 9am, when virus infection rates trebled from the hour previously, according to email security company BlackSpider Technologies.

The latest variant of the Zafi worm was discovered on Wednesday and unlike the previous two variants, Zafi.C has been coded to launch a DDoS attack against Google.com, Microsoft.com and miniszterelnok.hu, which is the website of the Hungarian prime minister.

A new variant of the Bagle email worm is spreading rapidly across the internet today. Email filtering firm BlackSpider Technologies reports that it was blocking 2000 copies of Bagle-AT an hour since its first appearance earlier this morning.

The latest variant of the Zafi worm was discovered on Wednesday and unlike the previous two variants, Zafi.C has been coded to launch a distributed denial-of-service (DDoS) attack against Google.com, Microsoft.com and miniszterelnok.hu, which is the Web site of the Hungarian Prime Minister.

Security fears sparked by the recently identified W32/Myfip virus are unfounded, according to a security industry executive who claims the concern is nothing more than empty scaremongering by antivirus firms.

The malicious code, branded "the start of a worrying trend" this week by security and antivirus firm MessageLabs, purports to have been sent from eBay.com and uses a previously undocumented packer to make it harder for antivirus software systems to identify.

Security experts have intercepted a virus which claims to have been sent from eBay.com and uses a packer previously unseen in email virus distribution.

The use of the uncommon packer in the W32/Myfip virus could make it more difficult for antivirus software vendors to identify and protect against the malicious code within, signalling "the start of a worrying trend", MessageLabs warned today.

Antivirus researchers have discovered a new version of the Netsky worm that contains text linking it to the SoonChunHyang University in Bucheon, South Korea.

Mikko Hypponen, director of antivirus research at European antivirus firm F-Secure, said the latest variant contains two hidden strings: "SoonChunHyang" and "Bucheon".

"There's a University called SoonChunHyang in the city of Bucheon, South Korea. So I guess this variant has something to do with South Korea," Hypponen said.