IMlogic can also offer commentary
involving increased risk from IM worms, viruses and other
security threats related to the growing popularity of IM
use within the enterprise. * PandaLabs has detected the appearance of six new Bagle worm variants,
as well as four variants of the Mitglieder Trojan

* Mitglieder. W32/Zafi-D 45. Budweiser frogs screensaver 2.

sarcastic uncovering

, Panda Software Labs has detected
the appearance of six variants (BN, BO, BP, BQ, BR and BS) of the Bagle email
worm, as well as four variants (BO, BP, BQ and BR) of the Mitglieder Trojan . Mitglieder.pandasoftware. LYNNFIELD, Mass. W32/Zafi-B 5.

scares misconceptions

The Trojan URL references StarGames apparently
trying to take advantage of the popularity of the newly
released Star Wars movie.)

To receive automated alerts for all medium and high
threats sign up for alerts on the IMlogic Threat Center
at: http: //www.

For companies not currently using IMlogic's IM Manager to
securely protect and filter IM messages, a free
downloadable product released from IMlogic - IMlogic IM
Detector Pro(TM) - can be used to immediately block IM
traffic and stop the potential for spreading this worm.imlogic.BN and Mitglieder.pandasoftware.1% Fourth month as number one
2. W32/MyDoom-O 1.com/pressoffice/imgallery/topten

For more information about safe computing, including anti-hoax policies,
please visit: http:/ /www.

mirabilis cyndi

ADVISORY/IMlogic Threat Center Reports a New Phishing Attack Over Instant Messaging Leveraging The StarGames Trojan Horse Targeted at Yahoo Users; Offers Immed

imlogic.

Top Ten Viruses and Hoaxes Reported to Sophos in March 2005

The report, compiled by SophosLabs(TM), Sophos's global network of virus
and spam analysis centers, shows that Zafi-D, which first appeared at the end
of 2004, was the most commonly encountered virus for the fourth consecutive
month, accounting for 45.5%

"In March 2005, the virus top ten consisted mostly of older viruses such
as Zafi-D and multiple versions of the Netsky worms," said Gregg Mastoras,
senior security analyst at Sophos, Inc.

hooey hoaxes

WHO: Experts from the IMlogic Threat Center can speak with
technology and business reporters, industry analysts,
enterprises, partners or anyone concerned about the impact
of this threat.BN and Mitglieder. W32/Netsky-Z 2.3%
9.3%
7.

pager uncovering

----IMlogic--

WHAT: Industry leader IMlogic (www.imlogic.asp

To protect your organization, ensure that all desktop
systems have been updated with the latest security patches
and that all out of date clients have been blocked from
accessing the Yahoo network.pandasoftware. The entire chart is dominated by
older viruses, with only one of the top ten, Sober-K, having first appeared in
2005.
Sophos is acclaimed for delivering the highest level of customer satisfaction
and protection in the industry.

vmyths hogwash

Once successfully executed, the vulnerability collects and
sends Yahoo login and user credentials to a third party
who can then propagate the Trojan leveraging the infected
users account.zip. For
users with a different antivirus program installed , Panda TruPrevent(TM)
Personal is the perfect solution, as it is both compatible with and
complements these products, providing a second layer of preventive protection
that acts while the new virus is still being studied and the corresponding
update is incorporated into traditional antivirus programs , decreasing the
risk of infection.pandasoftware.3%
6. Since so many older threats remained steadfast during the
month, newer threats didn't make it onto the list.

hogwash scares

BO also terminates processes belonging to various antivirus and
security programs, and overwrites the Windows 'hosts' file to prevent users
from connecting to certain web pages.

persistence rumor

IMlogic IM Manager(TM)
provides the capability to block out of date clients
ensuring enterprise security against client
vulnerabilities. A helpful install wizard
simplifies the process and guides users through each step.

BO reaches computers from an email message, in an
attachment that could have names like price.0%
Others 9.sophos.

hoax exe

Upon activation , the
Trojan collects Yahoo credentials and then sends messages
out to a user's buddy list whether the IM client is logged
in or not. (818) 543-6909

"
In March, SophosLabs analyzed and protected against 1,225 new viruses.

The top ten hoaxes reported to Sophos during March 2005 were as follows:

1.2%
8.

mirabilis misconceptions

com/(obscured )) sent to them
from a user on their buddy list.BO. If
the file does in fact contain a new virus, the disinfection and detection
routines are prepared and quickly distributed to users .

virus scams

To learn more about the StarGames Trojan visit the IMlogic
IM and P2P Threat Center at:
http://www.BO work together to increase the spread as much as
possible.

To do
this the worm uses its own SMTP engine. The creation of "bot"
machines that are used to send spam has been a growing trend in the last year
and looks to be continuing.
As Panda Labs has already detected increased incidents caused by the new
malicious code, users are advised to take precautions and keep their antivirus
software updated. More information about TruPrevent(TM) Technologies at
http://www., Sophos, a global leader in
network security, has published a report revealing the top ten viruses and
hoaxes causing problems for businesses around the world during the month of
March 2005.

The top ten viruses in March 2005 were as follows:

1. W32 /Sober-K 5.

misunderstandings rumor

.com) is warning
customers that a new Trojan horse virus is attacking Yahoo
IM users. The vulnerability is initiated when a user
clicks on a malicious (URL
http://yahoopremium.asp?iThreatID=
597+mr=top3+hr=top3
(Due to the length of this URL, it may be necessary to
copy and paste it into your Internet browser's URL address
field.
Companies can download IMlogic IM Detector Pro at no cost
directly from IMlogic's Web site at
www.com /im_threat_center/index.zip or price2. Once Bagle.

For more information: http://www. Bonsai kitten 5. Bill Gates fortune 2.com/virusinfo/bestpractice/

About Sophos:
Sophos is a global leader in network security.

viruses cyndi

.com/imdetectorpro.
Panda Software's clients can already access the updates for installing the
new TruPrevent(TM) Technologies along with their antivirus protection,
providing a preventive layer of protection against new malicious code.sophos.

exe sarcastic

Users can also scan and disinfect their computers using Panda ActiveScan,
the free, online scanner available from: http://www. "It's apparent that these viruses are
continuing to earn a spot on the Top Ten because many computer users are
simply not keeping their anti-virus protection up-to-date and not practicing
safe computing. The company's products are sold and supported
in more than 150 countries.

hoaxes hooey

imlogic. Use of
the information constitutes acceptance for use in an AS IS condition.
Mitglieder.0%
3. W32/Netsky-B 2.62%, or one in 38 emails, circulating during
the month of March were viral.3% Ninth month at number one
2 . Chain
letters can really consume bandwidth and productivity.

believing virus

"The actions of disabling security programs and opening the computer to
further hack attempts points to an organized attempt to infect as many
machines as possible and use them for further mischief. Jamie Bulger 3.3% New entry
10.2%
Others 24.

cyndi mirabilis

com/im_threat_center /threatdetail. You may also need to remove an extra space in the
URL if one exists.

MORE INFO: Learn more at IMlogic's Threat Center:
http://www.imlogic.asp.
There are no warranties with regard to this information. The
latter is causing the more rapid increase in incidents in users' computers
around the globe, and is already one of the viruses most frequently detected
by Panda ActiveScan, the free online scanner. If a user runs
this file, the Trojan activates and tries to connect to an Internet address
from which it downloads the Bagle.com/virus_info/encyclopedia /

About PandaLabs:
On receiving a possibly infected file, Panda Software's technical staff
gets right to work. The file is analyzed and depending on the type, the
action taken may include: disassembly, macro scanning, code analysis etc.3%
8.1%
9. Bogus US Bank email 1.com

cyndi damn

Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on , this information.BO is causing most global incidents and is already one of
the viruses most frequently detected by Panda Software's ActiveScan

GLENDALE, Calif.BN worm onto the system . Though effective in spreading, these new variants
rely on the end user opening unknown attachments and therefore prey on the
least informed of the pool of computer users. Panda Software clients already have the updates available
to detect and disinfect the new malicious code.
More information about the new variants of Bagle and Mitglieder is
available from: http://www.com/virus_info/

For more information:
Alan Wallace
pr@pandasecurity.1% of all reports.
Sophos research indicates that 2. Meninas da Playboy 7.9%
3. Unidentified tsunami boy 1. Many employers are
implementing best practice email policies, which ensures that users delete
such emails rather than forwarding.com. Horn Group
781-973-1101 781-356-7152
lvaccarino@horngroup.

hoax vmyths

bravehost.

IMlogic , IMlogic products and IMlogic IM Manager are trademarks of
IMlogic Corporation and/or affiliated companies in the United States
and other countries.
Bagle.com
Tel.8%
5.4%
4. "Meanwhile,
reports of the tsunami-related chain letters have fallen dramatically.

hysteria exe

Panda Software Reports New Bagle and Mitglieder Variants Create New Malware Wave Threatening Users

EXE , which is also downloaded from the Internet.7%
7. This figure is significantly lower than last
month when one in 28 emails were viral.
In order to minimize exposure to viruses, Sophos recommends that companies
deploy a policy at their email gateway, which blocks unwanted executable
attachments from entering their organization from the outside world.6%
5.8%
6.

vmyths sarcastic

Applebees Gift Certificate 2.sophos. For more information, please visit:
http://www.

misconceptions rumor

Business Editors /High-Tech Editors
ADVISORY.com/im_threat_center/index.

Disclaimer

The information in the advisory is believed to be accurate at the
time of publishing based on currently available information .
Of these, the most active at present are Bagle.
Companies should also run up-to-date anti-virus software, firewalls and
install the latest security patches. The company protects over
35 million business users -- from small enterprises to academic and financial
institutions to governments and global corporations -- against multiple
evolving threats such as viruses, spam, Trojans, worms and malicious spyware.

Jennifer Torode Laurie Vaccarino
Sophos , Inc.

rumor misunderstandings

BN is
installed on a computer, it sends Mitglieder.com/truprevent. W32/Netsky-P 21.9%
4. W32/Netsky-D 4. W32/Netsky-C 1.1%
10. W32/Netsky-Q 1.
The total number of viruses that Sophos now protects against is 102,123. Hotmail hoax 44."

Sophos has made available a free, constantly updated information feed for
intranets and websites, which means users can always find out about the latest
viruses and hoaxes: http://www.com/virusinfo/infofeed/

Graphics of the above top ten virus chart are available at:
http://www.

viruses vmyths

All other registered and unregistered trademarks
represented in this document are the sole property of their respective
companies/owners .BO to the addresses that it finds
in a file called EML. This group of people are also
the least likely to have adequate computer security protections in place,"
explains Patrick Hinojosa, CTO, Panda Software US.com. A virtual card for you 4.9%

"The Hotmail hoax continues to hang onto the number one spot, accounting
for almost half of March's hoax reports," continues Mastoras.sophos.