Skip to content

Biting the hand that feeds IT

The Register ®

Security:


Related Whitepapers

[Print][Mobile][Alerts]

Bagle variants served up with spam

Trojan version goes into 'stealth mode'

Published Tuesday 1st March 2005 14:35 GMT

Spamming tactics are being used to distribute multiple versions of a new Trojan. The malware is similar to the Bagle email worm except for the absence of email spreading functionality.

Most of the samples seen so far include a ZIP attachment which, when opened, includes a program file named "doc_01.exe" or "prs_03.exe", or some other innocuous sounding name. If the malware inside this ZIP file is opened, the Trojan may attempt to download more malicious code from a pre-programmed list of websites. Typically, Bagle Trojan variants also attempt to disable anti-virus and personal firewall software. Anti-virus firm Sophos reports the detection of four distinct variants of the Bagle Trojan.

The spamming tactics are a repeat of a ploy used in spreading a batch of Bagle variants in September 2004. This time around the bulk mailing is more aggressive.

More than 75,000 emails containing variants of the Bagle were blocked by email security company BlackSpider Technologies on Tuesday (1 March). Anti-virus firms are working on releasing updated signature files to detect the malware. Meanwhile, analysis work continues. Sophos advises firms to block executable files in email at corporate gateways. ®

Related stories

New Bagle worm drops in and downloads
Zombie PCs spew out 80% of spam
VXers creating 150 zombie programs a week
Botnets, phishing and spyware

Track this type of story as a custom Atom/RSS feed or by email.
Previous Article Next Article
whitepaper title

Gartner Paper: US Data Centers

U.S. enterprise data centers face considerable space and energy constraints over the next few years. Download this free independent report to read more..
whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..
Whitepapers

Top 20 storiesAll The Week’s HeadlinesArchiveSearch