Bagle-B clobbers weary Net users
Print storyMore mass mailing worm madness
Posted in Anti-Virus, 17th February 2004 18:01 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Long-suffering Net users are finding their in-boxes clobbered again today with the appearance of yet another mass mailing worm.
Mercifully, Bagle-B is much less prolific than the recent MyDoom worm.
Bagle-B (AKA Tanx-A) normally arrives in emails with a subject line of "ID" followed by random characters and the message text: "Yours ID". Its payload includes a backdoor component which surrenders control over the infected machine to hackers. This comes in an attached .exe file with a randomly-generated filename.
Run this attachment on a Windows machine and your PC gets the pox. Mac or Linux boxes are immune.
The worm harvests email addresses from infected PCs and forwards itself to other prospective victims using a spoofed "From:" field.
Most AV vendors rate Bagle-B as a medium-level risk.
Standard precautions apply to defending against the bug: update AV signature files and (if you're an admin) consider introducing controls to block executables at the gateway. If you're a regular user, be careful of those unsolicited attachments, even from people you know. ®
Related Stories
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive