Ha, ha you're infected
New Bagle worm poses as 'joke' message
Posted in Malware, 29th September 2004 11:01 GMT
A new version of the infamous Bagle worm series is spreading widely across the net.
Bagle-AS (AKA Bagle-AZ) normally arrives in emails with price- or joke-related (infected) attachments with exe, cpl, scr or com extensions. Subject lines are picked from a series of innocuous greetings such as Re: Hello, Re: Thank you! or Re: Hi. Open these on a vulnerable Windows box and you get the pox.
The worm scours the hard disk of infected PCs for the email addresses of potential victims. In common with its siblings, Bagle-AS bulk-mails copies of itself to target addresses using its own SMTP (Simple Mail Transfer Protocol) engine. The From: lines of these messages are spoofed.
Bagle-AS also spreads via P2P networks, such as Kazaa, by secreting copies of itself on the shared folders of infected PCs. The worm also tries to disable a range of security applications, along with any instances of the NetSky worm it finds on infected machines.
As with previous variants, Bagle-AS contains a backdoor that enables virus writers or their associates to control infected machines. Bagle-AS is a Windows-only risk. Most AV vendors rate Bagle-AS as a medium category nuisance. Standard precautions apply (vigilance about unsolicited messages, updating AV protection, tin-foil hats etc.) ®
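A mail-gateway check built from the delivery traits described above (attachment extensions and greeting subjects), as an added example that is not part of the original article or any vendor's signature. The function names, sample addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions and subject lines as listed in the article for Bagle-AS.
RISKY_EXTENSIONS = {"exe", "cpl", "scr", "com"}
BAGLE_SUBJECTS = {"re: hello", "re: thank you!", "re: hi"}

def inspect_message(raw_bytes):
    """Return findings for one raw message. The From: header is ignored
    on purpose, because the article notes it is spoofed."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        # Normalise case and trailing dots/spaces, which Windows ignores.
        name = (part.get_filename() or "").strip().lower().rstrip(". ")
        # Check the final extension so "joke.txt.exe" is still caught.
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"executable attachment: {name}")
    subject = (msg["Subject"] or "").strip().lower()
    if findings and subject in BAGLE_SUBJECTS:
        findings.append(f"subject matches known greeting: {subject}")
    return findings

def verdict(raw_bytes):
    """Quarantine on any executable attachment; the subject only adds context."""
    return "quarantine" if inspect_message(raw_bytes) else "deliver"

def build_sample(subject, filename):
    """Constructed sample message with harmless placeholder attachment bytes."""
    m = EmailMessage()
    m["From"] = "someone@example.com"   # made-up address
    m["To"] = "user@example.org"        # made-up address
    m["Subject"] = subject
    m.set_content("see attachment")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [("Re: Hello", "price.scr"), ("Re: Hi", "joke.txt.exe"),
               ("Quarterly report", "report.pdf")]
    for subj, fname in samples:
        print(subj, fname, verdict(build_sample(subj, fname)))
```

The greeting subjects are too common to block on their own, so the check treats them only as corroboration once an executable attachment is present.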