Careers & Certifications

08:52 PM
Connect Directly
RSS
E-Mail
50%
50%

Newest Bagle On The Loose

Another variation of the long-running Bagle worm began spreading early Friday.

Another variation of the long-running Bagle worm began spreading early Friday, bumping up warning levels from most security firms to their highest levels in over a month. Although three different versions of Bagle were launched almost simultaneously, one, dubbed Bagle.av, Bagle.at, Bagle.au, or Bagle.bb, is spreading the fastest.

"It started showing up around 2 a.m. today Eastern time," said Stefana Ribaudo, the product manager for Computer Associates eTrust security program, "and first spread in Europe. When U.S. offices opened between 8 and 9, it really took off."

Computer Associates, for instance received 100 submissions of the new Bagle within an hour, while it went straight to the top of F-Secure's list of the most common viruses during the past 24 hours. U.K.-based security vendor BlackSpider noted that more than a million e-mails carrying the new Bagle had been sent as of early Friday morning, London time. It's not uncommon for worms and viruses to be seeded in large spam-style mailings, often with the help of large networks of hijacked PCs where each machine mails just a few messages to escape detection.

Whatever it's named -- Bagles have proliferated to such a degree that there's no longer a common naming system among anti-virus vendors -- the worm is relatively easy to spot, say analysts. The subject line is typically "Re: Hello," "Re: Hi," or "Re: Thank you!" The worm is disguised as a .exe, .scr, .com, or .cpl file named "Price" or "Joke."

Like earlier Bagles, this one spreads by grabbing e-mail addresses from compromised machines and remailing itself with its own SMTP server. It also spreads via shared network folders.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed