• 10/29/2004
    8:52 PM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Newest Bagle On The Loose

Another variation of the long-running Bagle worm began spreading early Friday.
Another variation of the long-running Bagle worm began spreading early Friday, bumping up warning levels from most security firms to their highest levels in over a month. Although three different versions of Bagle were launched almost simultaneously, one, dubbed Bagle.av,,, or, is spreading the fastest.

"It started showing up around 2 a.m. today Eastern time," said Stefana Ribaudo, the product manager for Computer Associates eTrust security program, "and first spread in Europe. When U.S. offices opened between 8 and 9, it really took off."

Computer Associates, for instance received 100 submissions of the new Bagle within an hour, while it went straight to the top of F-Secure's list of the most common viruses during the past 24 hours. U.K.-based security vendor BlackSpider noted that more than a million e-mails carrying the new Bagle had been sent as of early Friday morning, London time. It's not uncommon for worms and viruses to be seeded in large spam-style mailings, often with the help of large networks of hijacked PCs where each machine mails just a few messages to escape detection.

Whatever it's named -- Bagles have proliferated to such a degree that there's no longer a common naming system among anti-virus vendors -- the worm is relatively easy to spot, say analysts. The subject line is typically "Re: Hello," "Re: Hi," or "Re: Thank you!" The worm is disguised as a .exe, .scr, .com, or .cpl file named "Price" or "Joke."

Like earlier Bagles, this one spreads by grabbing e-mail addresses from compromised machines and remailing itself with its own SMTP server. It also spreads via shared network folders.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments