Panda Software’s New TruPrevent Technologies Detect and Block a New, Previously Unidentified Virus

Panda Software has detected the appearance of the new worm Bagle.AH (W32/Bagle.AH.worm), a malicious code that uses both email and file-sharing programs like Kazaa, Morpheus, e-mule or LimeWire in order to spread rapidly across computers. From the afternoon of July 19, Panda Software’s laboratories began to receive a large number of incident reports involving this virus.

Panda Software’s TruPrevent Technologies, which are still in Beta phase, available from , will be launched officially on July 29. These innovative technologies are designed to use behavior analysis to block attacks like Bagle.AH and perfectly complement traditional antivirus applications due to their capacity to prevent even unknown malicious code from running.

The Bagle.AH worm uses an email with a false address to spread. The message text includes words like: “Predators”, “Lovely animals”, “fotoinfo”, “The snake” or “Animals”.

To spread to other email addresses, it has an attachment that must be run for the infection to start. This file could be called: “Serials.txt.exe”, “Porno Screensaver.scr”, “Microsoft Office 2003 Crack, Working!.exe”, or “Music_MP3.com”. The file could sometimes be included in a password protected ZIP file.

When the file containing the Bagle.AH worm is run, it starts to look on the infected computer for addresses to which it then sends itself.

This worm also uses P2P file-sharing programs in order to spread. To do this it makes a copy of itself in the shared directories of these applications with names that could entice other users to download and run them.

The damaging effects that this worm can have on computers include the blocking of antivirus or security application processes in memory which could leave computers vulnerable to further attack.

At the same time as the appearance of Bagle.AH, two new versions of Mydoom and Lovgate have started to spread across the Internet. W32/Mydoom.M.worm and W32/Lovgate.AQ.worm infected some computers and although initially it was feared that the epidemic could spread due to the simultaneous action of the worms, only Bagle.AH has become a real threat to a large number of computers.

Due to the risk of being infected by Bagle.AH, Panda Software advises users to stay on their guard and make sure their antivirus is updated. The company has already made the updates to its products available to its clients to ensure their solutions can detect and eliminate Bagle.AH.

Users can also scan and disinfect their computers using Panda ActiveScan, the free, online scanner available from: www.pandasoftware.com . More information about these and other IT threats is available from:

About PandaLabs

On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.