Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Virus writers have released a new version of the Bagle worm, on the back of the source code released into the wild earlier this month.

Bagle-AF (AKA Bagle-AB or the 'Apprentice' worm) is spreading quickly across the Net, following its release yesterday. Most anti-virus firms rate it as medium risk.

Bagle-AF opens a path for intruders to relay bulk email messages through infected PCs. The worm tries to contact one of 141 compromised German websites to let its creators know which PCs it has infected. The worm leaves open a backdoor on compromise computers, which can then be used to spread spam or as zombie drones in DDoS attack networks.

The latest variant of Bagle is little different from its predecessors. Like the other it normally arrives in email as an attached file. It can also spread over P2P networks.The worm can arrive in the form of a password-protected .ZIP file, with the password included in the message body of an infected email or within an attached image. Earlier versions of Bagle used the same trick.

On infection, the worm begins emailing out copies of itself to any email addresses it finds on compromised PCs. Bagle-AF also tries to stop a range of security applications from running, along with any copies of NetSky it finds (continuing a long-running spat).

Standard defence precautions apply against virus attacks from all versions of the worm: users should update their AV signature definition files to detect the virus and resist the temptation to open suspicious looking emails. ®

Related stories

Bagle source code unleashed
Phatbot arrest throws open trade in zombie PCs
Zombie PCs spew out 80% of spam
Virus writers in malicious code hide-and-seek
War of the worms turns into war of words (NetSky vs Bagle)

Agentless Backup is Not a Myth