Bagle author creates new outbreak

Spinner Birmingham, UK
edited March 2005 in Science & Tech
A new Bagle variant has reared its ugly head today and if you're not careful it could have you for breakfast.
Kaspersky Lab, a leading security content management has detected a number of variants of Email-Worm.Win32.Bagle. These new Bagles are new variants of the same malware, but packed differently. One thing they all have in common is that they don't self-replicate. In other words, these are so-called intended variants, not fully functional versions. However, somewhat paradoxically, we've seen large numbers of them during the course of the day. The reason is that they have all been mass-mailed out deliberately as spam.

The new Bagles were sent as attachments to infected emails with random or missing subjects and texts. The malware arrives as a Windows executable file. The name, form and size of the files are also random. It is difficult therefore to identify the infected emails using formal attributes, and we caution all users to be especially cautious when opening email attachments.

The malware is launched when the user clicks on the attachment: Bagle copies itself into the Windows system folder and creates a registry key. Bagle then stops processes that protect the infected machines and local networks, leaving them open to further attack. Kaspersky Lab virus analysts have detected 15 pieces of malware by the author of Bagle. They are closely related and differ mostly in the packing routines. Therefore, Kaspersky Lab is detecting them all as Email-Worm.Win32.Bagle.pac. Detailed information and a description are available on Viruslist.com.
Source: Neowin

Comments

  • edited March 2005
    I got hit by two variants of the bagle worm. bagle.be and bagle.bn. I'm usually pretty scrupulous about opening email attachments but they managed to wiggle their way in anyway. Be careful with these folks. Luckily I have them both removed now. It's the first virii I've been hit with in years. I was quite surprised. I think I got hit before Norton released definitions for them.
  • Spinner Birmingham, UK
    edited March 2005
    For those of you who use Norton Antivirus, and don't want to wait till Wednesday (their scheduled update day), you can download their intelligent updater any time of the week to make sure you're up to the minute with the latest definitions.

    Symantec do release definitions when needed on days other than Wednesdays if the threat is critical, but typically using the intelligent updater is the best way to keep yourself protected, if you're anal about those type of things that is. ;)

    http://securityresponse.symantec.com/avcenter/download.html
  • kanezfan sunny south florida Icrontian
    edited March 2005
    I set my Norton to check for updates every day at like 2am or something. Would it not be updated then, or would it still have to wait until Wednesday to get the update?
  • Spinner Birmingham, UK
    edited March 2005
    kanezfan wrote:
    I set my Norton to check for updates every day at like 2am or something. Would it not be updated then, or would it still have to wait until Wednesday to get the update?
    It would still have to wait until Wednesday, unless they release them early because of a high threat level.