Feeds

Bagle variant outstrips Google-bashing worm

More viral madness

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

A new variant of the Bagle email worm is spreading rapidly across the internet today. Email filtering firm BlackSpider Technologies reports that it was blocking 2000 copies of Bagle-AT an hour since its first appearance earlier this morning.

Bagle-AT is one of three new variants of the long-running email worm series released over the last 24 hours but the only variant to cause a significant problem. Emails infected with Bagle-AT come with one of several executable attachments (COM, EXE, SCR) and attachment names such as Price or Joke. Typical subject lines of infected emails include 'Re: Hello' or 'Re: Thank you!'.

Like previous variants, Bagle-AT is also capable of copying itself into shared folders of infected machines, thereby allowing it to spread across file-sharing networks. Also in common with its siblings, Bagle-AT contains a backdoor that enables virus writers or their associates to control infected machines. The worm also tries to disable a range of security applications, along with any instances of the NetSky worm it finds on infected machines. Anti-virus vendors rate Bagle-AT as a medium to high risk threat.

Google-bashing worm makes modest debut

In other viral news, a new email worm which launches a denial of service attack from infected PCs against Microsoft, Google and the Hungarian Prime Minister's website is spreading (modestly) across the Internet. The Zafi-C worm is far less widespread than the earlier variants of the worm. Most AV vendors rate it as a low risk.

Nonetheless Windows users would be well advised to be on the look-out for emails with subject lines such as "Re: Hey buddy!" and "Re: very sick little girl!" that fit the profile of Zafi-infected emails. If users run the attached file, it can launch a distributed denial of service attack against the website of the newly-appointed Prime Minister of Hungary, the millionaire businessman Ferenc Gyurcsány, as well as attacking the websites of Google and Microsoft. All three of the targeted sites are readily available at the time of writing.

The previous version of the Zafi worm, Zafi-B, has continued to spread widely since June with a message calling for the death penalty to be introduced in Hungary.

All the email worms discussed above only infected Windows machines, as is the local custom. ®

Related stories

Rise of the Botnets
Phatbot arrest throws open trade in zombie PCs
New Bagle worm drops in and downloads
Price isn't right for new Bagle variant
Zafi-b speaks in many tongues

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.