Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

New Bagle Worm Infects Without File Attachments

A new round of Bagle worms blitzed the Internet Thursday, and takes advantage of a five-month-old vulnerability in Internet Explorer that let them infect computers without having to convince users to open a file attachment.

Bagle.q -- which was quickly followed by three variants, dubbed Bagle.r, Bagle.s, and Bagle.t -- follows in the footsteps of earlier editions of the persistent, pernicious worm by arriving as e-mail, opening a backdoor to the system so it can be re-infected or loaded with other malicious code, and attaching itself to executable files found on the hard drive to make it even more difficult to dislodge.

The big difference in this newest Bagle wave, said security experts, is that it can infect unpatched PCs without the usual file attachment.

If the message arrives on a machine that's not been patched against the Internet Explorer Object Data Remote Execution vulnerability -- disclosed in early October, 2003 -- Outlook and Outlook Express users who simply open or view the e-mail are automatically infected.

This same vulnerability was exploited in attacks in the fall of 2003.

  • 1