New Bagle variants spreading

By Bill Brenner, News Writer 27 Jan 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

New variants of the prolific Bagle worm were spreading across cyberspace Thursday morning, prompting several antivirus firms to issue alerts.

Bagle-AY and Bagle-AX spread through tainted e-mail messages. Kaspersky Lab of Russia issued a severe-risk alert to its customers, while Danish security firm Secunia labeled the worms a medium-risk.

At this point, Bagle-AY appears to be spreading more rapidly. In addition to e-mail, Lynnfield, Mass.-based antivirus firm Sophos said this variant also spreads through peer-to-peer file-sharing networks. And it will try to disable antivirus and other security tools running on infected PCs.

"Everyone should be cautious of unsolicited e-mail attachments and be wary of what they download from Internet file-sharing networks," Graham Cluley, senior technology consultant for Sophos, said in a statement. "So far, 2005 has been fairly quiet in terms of brand new virus outbreaks. If everyone applied computer security common sense it would help keep it that way."

According to Sophos, the worm uses such subject lines as:

• Delivery service mail;
• Delivery by mail;
• Registration is accepted;
• Is delivered mail; and
• You are made active.

Finnish security firm F-Secure said Bagle-AY sightings had been reported in several different countries by early Thursday morning. The firm said this variant was similar to Bagle-AX in that it is polymorphic, arrives in e-mails with variable subjects and attachments and has peer-to-peer spreading capabilities. Bagle-AY also contains a backdoor that listens on TCP port 81 and is programmed to cease its activity on April 25, 2006.

Secunia's advisory links to alerts from seven antivirus firms and includes different aliases each use to identify the new variants.

Tags: Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary