Three-pronged Attack

8 June 2005

We’ve seen some serious virus activity lately, sheesh, but in the opinion of many, myself included, the worst threat has got to be the combined attack of the “Mitglieder” and other Bagle variants. This coordinated joint attack on Internet users is something new to a lot of security experts, and the potential number of those infected is something to behold. Watching the blended attack play out is like watching a Special Forces team take out some remote jungle village—the unprotected PC just doesn’t stand a chance.

Let’s take a closer look at the three major components of the attack and what they do exactly:

1 – Glieder is a Bagle variant that is so flexible and lightweight that it was released in eight different versions at once. I don’t envy anti-virus companies trying to keep up with this guy. Glieder’s job is to break the lines of defense, and to do this in as many PCs as it possibly can, as fast as it can. Once this part of the mission succeeds it calls in the next wave by directing your PC to a site from which it can download the Fantibag Trojan.

2 – Fantibag Trojan [1] cuts all communication with anti-virus companies and the Windows Update site, putting a stop to all updates for these protective services and leaving your PC for the most part defenseless. Now it’s time for the third wave, and Fantibag downloads its accomplice, Mr. Mitglieder or, as I like to call it, the “Coffin Nail”, because it’s over for this unfortunate soul.

3 – Mitglieder Trojan completely shuts down your anti-virus and firewall, leaving you dead in the water. After it opens a backdoor in the infected system the assault is over. The system is now a bot turned to the “Dark Side”, a slave to the attacker, doing whatever is asked of it.

Scary stuff. This attack is bad, and it is believed that it is not only driven by money but is actually a coordinated effort by an organization rather than a single individual. There is money to be made by selling groups of these controlled PCs to interested parties, who use them to gather personal information or as spam relays.

