Yahoo! News - New Bagle Variant Sweeps the Internet
Tue Aug 10, 3:06 PM
Erika Morphy, www.newsfactor.com
Antivirus companies are sounding the alarm about a new variant from the long-lived Bagle virus family: On Monday, Bagle.AM, also known as "Bagle.AQ" and "Bagle.AC," began spreading rapidly and infecting users.
Due to the high number of incidents, antivirus firms are ranking this new virus on the higher end of the threat spectrum.
Mass-Mailing Threat
Bagle.AQ is a mass-mailing threat that contains its own SMTP engine to construct outgoing messages, according to McAfee AVERT (Anti-virus and Vulnerability Emergency Response Team). The virus mass mails itself to addresses harvested from local files. It produces a message with a spoofed "From" address and contains a remote-access component -- with the notification sent to the hacker. It then copies itself to folders that have "shar" in the name, typically found in P2P applications, such as Kazaa, Bearshare and LimeWire.
The worm sends out a ZIP file that contains an HTML file. On vulnerable systems, it automatically runs an EXE file that is a downloader Trojan. The downloader Trojan then contacts a large number of remote Web sites to retrieve the virus itself.
"Users should be very wary and should most likely delete any e-mail containing 'From: (address is spoofed); Subject: (blank); Body Text: * new price,'" McAfee said.
The virus also has been successful in shutting down various security processes, Panda Software CTO Patrick Hinojosa told NewsFactor. "That is why it was able to spread so quickly. It had a chance to really jumpstart infections."
The virus was already at the top of the list of 20 most-detected viruses this month, Hinojosa said.
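The message traits reported above (blank subject, "new price" body text, a ZIP attachment holding an HTML file) can be checked at a mail gateway. The following is an added example, not code from McAfee, Panda or the article; the function names, the sample messages and the two-indicator threshold are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_sample(subject, body, zip_members):
    """Constructed test message with one ZIP attachment (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in zip_members:
            zf.writestr(name, "placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"   # spoofable, so never used as a signal
    msg["To"] = "user@example.com"
    if subject:
        msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="attachment.zip")
    return msg.as_bytes()

def indicators(raw):
    """Return which of the article's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("blank-subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and "new price" in body.get_content().lower():
        hits.append("body-new-price")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK"):      # ZIP local-file-header magic
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")
            continue
        if any(n.endswith((".htm", ".html")) for n in names):
            hits.append("zip-contains-html")
    return hits

def should_quarantine(raw, threshold=2):
    """Assumed policy: hold mail matching at least `threshold` indicators."""
    return len(indicators(raw)) >= threshold

if __name__ == "__main__":
    for raw in (build_sample(None, "new price", ["price.html"]),
                build_sample("Q3 report", "Figures attached.", ["report.csv"])):
        print(indicators(raw), should_quarantine(raw))
```

The "From" header is deliberately ignored because the article notes it is spoofed; the check relies only on content the sender cannot omit without changing the lure.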
Suspicious Timing
So far it does not appear as though the worm was designed to initiate a denial of service attack against a company. "It was obviously a launched worm," Hinojosa says, "aimed at individual machines."
The timing is a little suspect, though, considering the ire most hackers have towards Microsoft. "Microsoft came out with its new security service pack on the same day, so I am assuming this was done to take a shot at Microsoft," Hinojosa says.
August 10, 2004 at 08:13 PM in Virus