
AV-disabling Bagle variant may take off

A new variant of the Bagle worm that turns off antivirus and personal firewalls is likely to spread rapidly, warn antivirus experts.

Organizations blocking the .exe, .scr, .com and .cpl extensions significantly reduce their risk of infection by this worm, as well as many others.
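One way to apply the extension block described above at a mail gateway, as an added example that is not from the article or any vendor advisory. The function name, the sample message and its addresses are constructed for illustration; only the four extensions come from the article.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The four extensions the article says to block.
BLOCKED = {".exe", ".scr", ".com", ".cpl"}


def blocked_attachments(raw: bytes) -> list[str]:
    """Return the filenames of MIME parts whose final extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition, then falls back to
        # the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "a.scr." still runs
        # as a screensaver. Normalise before comparing, and compare the
        # last extension only so "price.txt.EXE" is caught.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in BLOCKED:
            hits.append(name)
    return hits


def sample_message() -> bytes:
    """Constructed test message with harmless payloads (not a worm sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Re: document"
    m.set_content("see attached")
    for fname in ("price.txt.EXE", "joke.scr.", "notes.txt"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(sample_message()):
        print("quarantine:", name)
```

This checks names only; executables inside archives are not inspected.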

W32/Bagle-AS@mm spreads via e-mail and peer-to-peer networks, and has a spoofed address and variable subject lines. The worm is also called Bagle-AZ (McAfee), Beagle-AR (Symantec), Worm_Bagle-AM (Trend Micro) and I-Worm.Bagle-AX (Virusbuster).

According to TruSecure Corp. in Herndon, Va., Bagle-AS communicates through backdoors on TCP port 81 and UDP port 81. McAfee Inc. in Santa Clara, Calif., said the worm opens TCP port 81 and a random UDP port on the victim machine.

McAfee lists Bagle-AS as a medium-level threat and said it's a mass-mailing threat that contains its own SMTP engine to construct outgoing messages. "Similar to previous variants, it harvests addresses from local files and then uses the harvested addresses in the from field to send itself. It contains a remote access component and copies itself to folders that have the phrase 'shar' in the name, such as common peer-to-peer applications, including KaZaA, Bearshare and Limewire," according to the McAfee advisory. The advisory also said that when the .exe file is run, the worm copies itself into the Windows System directory as Bawindo.exe.

In an advisory to its clients, TruSecure, soon to be known as Cybertrust, said the timing of the worm's release was of concern. The company cited the lapse of nearly a month since the last variant circulated widely, and noted that the Virus Bulletin conference is taking place this week, possibly giving script-kiddies an opportunity to take advantage of the absence of many antivirus experts from their offices.
