Security threats Toolkit

Four new Bagles emerge in two days

Published: 19 Mar 2004 08:25 GMT

The Bagle computer virus has almost finished off the alphabet.

Virus writers' penchant for modifying the source code for the program has resulted in four new variants -- Bagle.Q, Bagle.R, Bagle.S and Bagle.T -- in the past two days, antivirus firms said on Thursday.

The viruses attempt to use an ActiveX vulnerability, discovered in August, to automatically upload and run a program on the victim's computer, without needing the user to run a file. The viruses pose a threat to Windows users who have not updated their operating system since the patch came out in August.

"It is definitely a new thing that is involved," said Oliver Friedrichs, a senior manager in Symantec's security response team. "Most of the vulnerabilities used in the past have the program as part of the virus."

The four new variants of the virus, which Symantec calls "Beagle," add to the slew of slightly modified programs attempting to infect Internet users. Virus writers have used the Bagle, NetSky and MyDoom worms to attempt to gain control of large numbers of PCs. Comments in some of the programs have led researchers to believe that the authors of at least two of the worms are competing against each other.

The latest Bagle variants add an infection mechanism, which uses a flaw in Windows that was patched in August. PC users who haven't updated the operating systems could, upon viewing an email message containing the virus, cause their system to download and run a malicious program.

However, many of the Web sites that had acted as locations from which to download the attack code have been taken offline, said Friedrichs.