Bagle Worm Mutants Multiplying Fast
Almost a year after the first Bagle worm started squirming through e-mail in-boxes, anti-virus vendors are reporting a new wave of attacks with new propagation techniques.
Source: eWeekThree new variants were detected over the past 24 hours, and because of the high rate of distribution, anti-virus firms have increased the threat level and have rushed out signature updates.
One new mutant, Bagle.AY, is polymorphic and uses peer-to-peer spreading capabilities to multiply. It contains a backdoor that listens on TCP port 81 and is programmed to cease its activity on April 25, 2006, according to an alert from Finnish research firm F-Secure.
Anti-virus vendors McAfee Inc., Trend Micro Inc., Panda Software and Symantec Inc. all have raised their alert ratings and have issued warnings because of the worm's rapid rate of propagation.
"Everyone should be cautious of unsolicited e-mail attachments, and be wary of what they download from Internet file-sharing networks," said Graham Cluley, senior technology consultant at Sophos, a Lynnfield, Mass.-based security outfit.
0