New twist from Bagle worm

Antivirus and security companies have warned that a sneakier version of the Bagle e-mail worm is spreading quickly on the internet.

Sam Curry, vice-president of e-Trust Security Management at Computer Associates, said the newest version of Bagle could trick antivirus software and content filtering products. He rated the worm a "medium" threat.

The new version of Bagle is nearly identical to earlier versions: it contains its own SMTP e-mail engine, gleans e-mail addresses from files stored on hard drives, and sends copies of itself to those addresses using spoofed sender addresses.

However, Curry said the new variant of Bagle was harder to catch. Among other things, it injects a DLL file into Windows that disguises it as Microsoft's Internet Explorer web browser. Bagle can then fool firewalls by masquerading as IE, requesting and downloading malicious files with impunity.

The new variant also alters the names of files it requests in transit to get past content blocking products that inspect web traffic. For example, it can relabel program files as innocuous JPG images, which content filtering products typically allow. Once downloaded, Bagle changes the file extensions back to EXE and runs the programs.
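A content filter can counter this kind of relabelling by classifying a transfer from its header bytes rather than its name. The sketch below is an added example, not code from the article or from any vendor; the function names, result labels and sample files are hypothetical and the sample bytes are constructed.

```python
import struct

# Header family expected for each extension (illustrative subset).
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".zip": "zip", ".exe": "pe"}


def sniff_type(data: bytes) -> str:
    """Classify content by its header bytes, ignoring the file name."""
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    return "unknown"


def classify_transfer(name: str, data: bytes) -> str:
    """Compare the claimed extension with what the bytes actually are."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    actual = sniff_type(data)
    if actual == "pe" and ext != ".exe":
        return "disguised-executable"  # program under a non-program name
    if EXPECTED.get(ext) != actual:
        return "mismatch"              # unknown extension or header disagrees
    return "consistent"


def make_pe_stub() -> bytes:
    """Constructed 0x44-byte buffer carrying only MZ and PE signatures."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Constructed samples: names and contents are made up for illustration.
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("picture.jpg", make_pe_stub()),
    ("update.exe", make_pe_stub()),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name}: {classify_transfer(name, data)}")
```

Whether a "consistent" executable is allowed at all remains a separate policy decision for the filter.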

Curry said that simply viewing the ZIP-format e-mail attachment containing the worm using Windows Explorer or Internet Explorer would install Bagle.

CA and other antivirus software companies have released updated virus definitions to spot the new variant.

Paul Roberts writes for IDG News Service


