
Bagle pops up again

Joris Evers CNET News

Published: 29 Jun 2005 08:55 BST


The latest version of the worm was mailed out to thousands of unsuspecting users over the weekend, in an attempt to hijack PCs.

A new version of the Bagle worm is attempting to turn PCs into zombies for use in botnets.

The variant surfaced over the weekend and was spammed to tens of thousands of Internet users, Ero Carrera, a researcher at F-Secure, said on Tuesday. The antivirus software maker is calling the offshoot Mitglieder.CN, but it is known by other names, such as Bagle.BQ or Tooso.J, at other security companies.

The latest Bagle behaves in a similar way to its predecessors that don't self-propagate. It arrives in an email with an attachment; when the file is executed, the malicious program tries to disable firewalls and antivirus software. It then attempts to download and run a Trojan horse that hijacks the infected PC for use as part of a botnet.

Botnets are groups of compromised PCs, often numbering in the thousands per network, that are generally rented out to relay spam, to launch denial-of-service attacks, or to perform other malicious acts.

"Compromised PCs could be used to send out new variants of Bagle," for example, Carrera said.

Bagle has spawned at least 70 variants since the virus emerged in January 2004. Some iterations have been more sophisticated than others, blending mass-mailing and Trojan horse techniques.

Most antivirus companies updated their products over the weekend to protect customers against the new virus. "It is not going to be a major issue," Mikko Hyppönen, director of research at F-Secure, said on Monday.

Symantec rates the new variant a low risk because it has not spread much. "Our rate of submissions is slowing down on that variant, so we don't consider it to be a significant threat," a Symantec representative said on Monday.
