Bagle-B clobbers weary Net users

More mass mailing worm madness

Long-suffering Net users are finding their in-boxes clobbered again today with the appearance of yet another mass mailing worm.

Mercifully, Bagle-B is much less prolific than the recent MyDoom worm.

Bagle-B (AKA Tanx-A) normally arrives in emails with a subject line of "ID" followed by random characters and the message text: "Yours ID". Its payload includes a backdoor component which surrenders control over the infected machine to hackers. This comes in an attached .exe file with a randomly-generated filename.

Run this attachment on a Windows machine and your PC gets the pox. Mac or Linux boxes are immune.

The worm harvests email addresses from infected PCs and forwards itself to other prospective victims using a spoofed "From:" field.

Most AV vendors rate Bagle-B as a medium-level risk.

Standard precautions apply to defending against the bug: update AV signature files and (if you're an admin) consider introducing controls to block executables at the gateway. If you're a regular user, be careful of those unsolicited attachments, even from people you know. ®

Related Stories

Say hello to the Bagle Worm
MyDoom dies today (February 12)

Sponsored: Driving business with continuous operational intelligence