Internet Changes Everything

Bagle.B Internet worm third most virulent in history: experts

Yahoo! News - Bagle.B Internet worm third most virulent in history: experts

Wed Feb 18, 7:20 AM ETAdd Technology - AFP to My Yahoo!

HELSINKI (AFP) - The Bagle.B Internet worm continued to propagate itself throughout the world, with experts ranking the virus as the third most dangerous computer bug after the notorious Sobig.F and Mydoom.A.

"This is a very serious worm, it's spread itself quite rapidly, but it will probably not reach the same catastrophic proportions as Mydoom.A and Sobig.F," Snorre Fagerland, with Norwegian Internet security company Norman, told AFP.

"On the scale of the most dangerous viruses, it gets a third place," he added.

The Mydoom.A Internet worm discovered last month, is the most virulent computer virus so far, reaching a peak infection rate of one in 12 e-mails.

The Sobig.F virus, which struck in August of 2003, had a peak infection rate of one in 17 e-mails and generated over 300 million contaminated messages during the first week alone.

According to US-based e-mail security firm MessageLabs, Bagle.B had by early Wednesday been found in 66 countries, and had reached an infection rate of one in every 16 e-mails worldwide, but experts expected that the outbreak would fizzle out soon, well before the bug's programmed expiration date of February 25.

"It's still spreading fairly rapidly. It's a big case. But the technical features of the virus are not that special," Mikael Albrecht, of the Finnish Internet security company F-Secure, told AFP.

"As soon as most people have updated their anti-virus protection, it will die out," Albrecht said.

Bagle.B first appeared in Poland and Germany on Tuesday afternoon, and propagated itself throughout Europe and the Americas overnight. Asia, however, appeared to have largely escaped the outbreak, experts said.

Most affected were the United States, where 16 percent of the infected e-mails were found, closely followed by the UK with 13 percent and Germany with 10 percent, MessageLabs said.

The bug installs a backdoor function on infected computers, enabling its creator and hackers to access the machines for malicious purposes, such as stealing confidential information like passwords stored on them, analysts said.

In addition, Bagle.B makes infected computers access four web pages on the Internet, possibly to download software or to count the number of contaminated machines, Albrecht said.

The first variant of the Bagle bug was found on January 18, and both bugs are believed to be linked to spammers -- senders of unsolicited bulk e-mail advertisements -- as they retrieve e-mail addresses from the infected computers.

Bagle.B also seemed to be related to the earlier Mitglied worm family, Norman's Fargerland said.

February 19, 2004 at 12:44 AM in Virus | Permalink | TrackBack (11) | Top of page | Blog Home