The Register® — Biting the hand that feeds IT


Bagle-B clobbers weary Net users


More mass mailing worm madness


Long-suffering Net users are finding their in-boxes clobbered again today with the appearance of yet another mass mailing worm.

Mercifully, Bagle-B is much less prolific than the recent MyDoom worm.

Bagle-B (AKA Tanx-A) normally arrives in emails with a subject line of "ID" followed by random characters and the message text: "Yours ID". Its payload includes a backdoor component which surrenders control over the infected machine to hackers. This comes in an attached .exe file with a randomly-generated filename.

Run this attachment on a Windows machine and your PC gets the pox. Mac or Linux boxes are immune.

The worm harvests email addresses from infected PCs and forwards itself to other prospective victims using a spoofed "From:" field.

Most AV vendors rate Bagle-B as a medium-level risk.

Standard precautions apply to defending against the bug: update AV signature files and (if you're an admin) consider introducing controls to block executables at the gateway. If you're a regular user, be careful of those unsolicited attachments, even from people you know. ®
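One way to implement the gateway control suggested above, as an added example (not code from the article or from any AV vendor): a Python check that quarantines mail carrying executable attachments and notes when the message also fits the Bagle-B description. The extension list, the subject pattern and the function names are assumptions; the article itself specifies only a .exe attachment, an "ID" subject and the "Yours ID" text.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: blocklist beyond .exe is illustrative; the article names only .exe.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com")
# Assumption: loose pattern for a subject of "ID" followed by random characters.
SUBJECT_RE = re.compile(r"^ID\s*\S+")


def inspect(raw: bytes) -> list:
    """Return quarantine reasons for a raw RFC 5322 message; empty means pass."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXT):
            reasons.append("blocked extension: " + name)
        elif payload[:2] == b"MZ":
            # Windows executables start with "MZ" even when renamed.
            reasons.append("executable header in: " + (name or "<unnamed>"))
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    subject = str(msg.get("Subject", ""))
    # Only label the message when an executable is attached as well.
    if reasons and SUBJECT_RE.match(subject) and "Yours ID" in text:
        reasons.append("fits Bagle-B subject/body description")
    return reasons


def build_sample(subject, text, filename, data: bytes) -> bytes:
    """Construct a test message (constructed sample data, not a real capture)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(text)
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    worm_like = build_sample("ID kqzvwx", "Yours ID kqzvwx", "wpgfht.exe", b"MZ constructed")
    print(inspect(worm_like))
```

Because the worm spoofs the "From:" field, the check deliberately ignores the sender and keys on the attachment itself.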
