Feeds

Bagle-U plays MS Hearts

Key to victim's PC

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A new variant in the Bagle worm series - Bagle-U - is spreading quickly across the Internet this morning.

As with its 20 previous siblings, Bagle-U spreads vy email. This time, infected emails have an empty subject, no body text and a randomly-named attachment containing malicious code.

If this attachment is run, the worm opens Microsoft Hearts card game (MSHEARTS.EXE file) before going through what have become standard virus routines, common to all the worms in the Bagle series.

The worm scours a user's hard disk for email addresses and sends copies of itself onto those addresses. It also installs a backdoor that listens to port 4751. As before, the worm connects to a website (this time in Germany) and reports backdoor IDs and ports to the worm's author.

Email filtering firm MessageLabs has blocked 8,000 copies of Bagle-U this morning, and places the worm in the medium to high-risk category.

Standard defensive precautions apply: update anti-virus signature files and (if you're an admin) consider introducing controls to block executables at the gateway. If you're a regular user, be careful of those unsolicited attachments, even from people you know. ®

Related stories

Say hello to the Bagle Worm
Bagle-B clobbers weary Net users
Latest Bagle worms spread on auto-pilot

Internet Security Threat Report 2014

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.