Bagle variant spreads on the quiet

News

Bagle variant spreads on the quiet

Anti-virus software companies are again warning e-mail users about the latest version of the Bagel virus, which is spreading on the internet through infected e-mail messages and targeting machines running the Microsoft Windows operating system.

Bagle.U is the 21st version of an e-mail worm that first appeared in January. Unlike earlier versions of the worm, the latest variant eschews tricky subject lines or enticing messages, hiding in a file attachment to otherwise blank e-mail messages.

Once opened, Bagle.U opens a back door to infected systems, mails copies of itself to e-mail addresses it steals from the user's computer.

Thousands of copies of the Bagle variant were first spotted on Friday, following what is believed to be an initial e-mail "seeding" of the virus,  said iDefense, an information technology security services company.

Network Associates' Antivirus Emergency Response Team (Avert) rated Bagle.U a "medium" threat.

Anti-virus company F-Secure rated the latest version of Bagle a "level 2" threat, indicating "large infections".

The virus code is contained in an executable (.exe) format file with a randomly generated name. Users must double click on the file to open it. Also, many organisations block e-mail containing executable files from reaching users' inboxes. 

Once launched, the Bagle worm installs itself on Windows systems, begins listening for instructions on communications port 4751 and connects to a website in Germany to report the identity of the infected machine to the worm's author.

Bagle is one of a series of worm families that have been plaguing e-mail users in recent months. Latest versions of Bagle, as well as MyDoom and NetSky have been surfacing almost daily since January, prompting a frenzy of activity among anti-virus researchers who must identify and develop antidotes for each variant.

Experts are at a loss to explain the recent proliferation of worms, although some have cited an apparent "war" between the authors of the Bagle and NetSky worms as the motivation for the release of many of the variants.

The latest is programmed to stop spreading on 1 January 2005. However, at least one anti-virus expert expected many new versions of Bagle to be released in the coming weeks.

Paul Roberts writes for IDG News Service


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy