Win32-Beagle-DP [Wm]

Avast Free Antivirus / Premium Security
1

Hi All, tonight I ran another full system scan (after I ran updates for program and definitions just to be sure) and the Worm Win32-Beagle-DP was found. (was in OE Identities Deleted) I chose to Delete this worm, normally I’ve been quarantining anything in the chest. On Sept. 10, a Trojan JS:Istbar [Trj] was found and I put that in the Chest. This trojan was found in Temp. Internet (I have emptied that now).
Since both of these were found I feel Avast is doing exactly what I hope and know it’s good at.
I just wonder how could those get in my system in the first place? I think aside from my cable connection, the only other introduction I’ve made to this computer was a DVD movie from the video store.
I use cable internet, I use ZoneAlarm ver. 6.0, last week I downloaded the SpySweeper & run that, and my Avast is V 4.6 with resident scan. I did notice I had these resident scans set to Normal but now they’re on High. Does the Normal setting make Avast miss any emails incoming that might contain have contained this Worm? and the Trojan that was received from an internet site?
Thanks for any help!! katy

2

Normal sensitivity could allow the worm to be saved in your HDD but it won’t be allowed to run.

Most probably…

3

If these would be saved to my hard drive but not run, could they also be distributed to anyone I email?

TIA for your help!! katy

4

No, unless YOU attach them in a mail.

5

Like Eddy said, only if you send emails with attachments.
But, other virus could ‘stole’ your address book and use it to send emails to your friends.

Btw, SpySweeper could delete avast! entries. Take care. Search the board to find more info about SpySweeper.

6

Also, I was shocked to find out that a trojan called “Favoriteman” had entered my system about 2 weeks ago. Like you, I have a lot of software installed and was shocked at how this baddie got through.

Come to find out that it “piggybacks” onto a valid website, of course without the website owner’s knowledge. In other words, it simply hides behind the legitimate site and even a firewall won’t see it.

It’s since been deleted but just shows how crafty these hackers can be. It is unfortunate but these crooks are very creative and getting even more so. >:(

7

JS:Istbar is a adware or spyware and was installed when you visited a website. But now with Web shield, it is detected before it enter to your hard disk.

8

Hi katy98 and EBathory,

Just a couple of comments:

first, Win32-Beagle-DP was only added to the avast! definitions on the 12 September, so you could have received it as an email attachment before then.

http://www.avast.com/eng/vps_history.html

Second, malware “piggybacking” on websites depends on an unpatched security vulnerability being present in your browser: an up to date browser is pretty safe. JS:Istbar for example depends on a Javascript security vulnerability being present:

JS/Istbar-B is a JavaScript which initiates the download and installation of adware software.

JS/Istbar-B is activated by browsing web pages that contain a element with an SRC= attribute pointing to the remote JS/Istbar-B script.

JS/Istbar-B targets the browsers Microsoft Internet Explorer and Netscape Navigator.

JS/Istbar-B may exploit vulnerabilities associated with certain versions of Microsoft Internet Explorer to silently download and install/run adware executables without user interaction.

http://www.sophos.com/virusinfo/analyses/jsistbarb.html

Most “drive by” infections occur after a security vulnerability has been identified and patched, partly because most malware writers are not really the brainy hackers of Hollywood films, but dumb script kiddies crudely adapting exploits they find on the web, and partly because there are many computer users who have never updated their systems once since they bought them in 2001.

They best way to stay safe is to update your browser regularly, although Webshield is a useful second line of defence.

9

Thanks Everyone, this is a very learning experience. Eddy, you answered “No, unless YOU attach them in a mail”. I would never purposely do this, so I assume you mean if I send any attachments ever, it could be included in my attachment without my knowledge?
and Frank, you said it is important to keep my browser updated; I do have AutoUpdate turned on and do install the critical updates to my IE browser. Now I’m not sure if WinXP autoupdate is also keeping my Firefox browser updated? I use both browsers because Firefox and my cc card are not compatible (for generating virtual #s). I do have the Settings check-marked for ‘periodic checking for updates’ but tonight I did a manual and I am up-to-date in both browsers. It’s been a couple of weeks since I had critical updates for either browser.
I would very much like to know more about Javascript and how it can be a threat to me as a web surfer and Is this javascript the same ‘mechanism’ that is used to make email stationary scroll borders, or make a floating icon in the stationary? I’m a bit nervous about any emails that ‘move’; I’ve disabled images in my OE email program but are these ‘moveable’ stationary emails vulnerable for viruses, worms, trojans? If anyone knows of a good site with an easy to understand explanation of javascript, please could you share the address or newsgroup name with me? Also, some sites ask me to install a Multimedia Player (interactive or some such), I wonder how vulnerable THOSE make me? I only install the Player when it’s a site “I asked for” but a friend has built a website that asked me to install this. Not that I mistrust him, but does installing it, open me up to ‘anybody else’ getting access to my computer? TIA, katy

10

PS: Also, music in emails that use stationary where part(s) of the email ‘move’, do they make a person vulnerable to virus, worms, trojans? Thanks for ANY help!!! katy