Latest Bagle masquerades as quote
Published: 10 Aug 2004 08:35 BST
A prolific new variant of the mass-mailing Bagle worm began flooding email accounts Monday with bogus price quotes.
Like previous versions of Bagle, the new Bagle.AQ worm spreads by sending out messages with an infected attachment compressed under the common Zip format. Both the name of the attachment and the body of the message are a variant on "price" or "new price."
Unlike earlier Bagles, the new version also packs in a three-year-old piece of JavaScript code that, once executed, attempts to send the infected PC to various Web sites to pick up more Bagle code, said Vincent Gullotto, vice president of the antivirus emergency response team for security specialist McAfee.
Bagle.AQ started spreading on Monday morning and quickly began bombarding some corporate email systems with thousands of infected messages, Gullotto said.
"It made its way into the public eye in a rather grandiose fashion," he said.
Gullotto attributed the worm's fast start to use of the old JavaScript trick and initial distribution that included an unusually large number of email addresses to target. "Someone has used a rather spamlike technique to get it going," he said.
Those same techniques should also ensure a relatively brief heyday for the worm, as email security systems learn to block the variant, Gullotto said. "I don't expect it'll last more than 24 hours," he said. "Then it's onto the next pest."
The initial Bagle virus emerged early this year and appeared to be a fairly standard mass-mailing worm. But the pest has gone on to spawn dozens of variations, thanks partly to an apparent feud between the Bagle coder and the creator of the rival Netsky worm.
Did you find this article useful?
66 out of 95 people found this useful
- Share this article:
