Bagle Worm Back!!!!
Antivirus companies warn of new Bagle variants.
New versions of the Bagle worm rolled onto the Internet today, prompting antivirus companies to warn customers about the threat and to push out software updates to spot the new worms.
Three new versions of Bagle have been seen by antivirus companies, each similar to earlier forms of the worm, which first stormed onto the Internet in January, spreading through infected e-mail file attachments.
McAfee Inc. rated two of the new worms "medium" threats. Other antivirus vendors, including Symantec Corp. and Sophos PLC, also reported intercepting many samples of the new worms and advised customers to update antivirus signatures as soon as possible.
McAfee's Antivirus Emergency Response Team spotted its first sample of Bagle.bb, one of the new variants, at 11:30 p.m. Pacific time yesterday. Since then, the company received about 200 reports of the virus and intercepted two more variants, dubbed Bagle.bc and Bagle.bd, according to Vincent Gullotto, vice president of McAfee's AVERT.
McAfee rates Bagle.bb and Bagle.bd "medium" threats, based on the number of submissions they received for each.
The new variants are almost identical to each other, but use slightly different versions of a compression program, known as a packer, to shrink the size of the virus, creating a different profile, or signature, that can fool some antivirus programs.
At Sophos, virus researchers have had thousands of reports of the Bagle.bb virus from customers since early today, according to Graham Cluley, Sophos senior technology consultant. Sophos labeled the worm Bagle.au.
The company has also captured copies of the two new Bagle variants.
The first Bagle worm appeared Jan. 19. Since then, more than 40 versions of the worm have appeared.
Like the first worm, all subsequent versions target systems running Microsoft Windows, harvest e-mail addresses from infected machines and use their own SMTP (Simple Mail Transfer Protocol) to send virus-infected e-mail to addresses it captures. Bagle can also spread over peer-to-peer networks, planting files disguised to look like pornography or software in shared folders used by the networks.
The Bagle variants arrive in e-mail messages with forged, or spoofed, source addresses and vague subjects such as "Re:Hello," "Re: Thank you!" and "Re: Hi," according to McAfee.
The new variants don't break any ground in the world of virus design or social engineering, which is the use of clever messages and e-mail subject lines to entice recipients to open the infected virus file.
Despite the large number of copies of the virus, Sophos reported few customer infections.
The large initial showing from the new Bagle worms could be because of a big distribution of the virus, or "seeding," through networks of compromised machines. After the initial "blip," reports of the new Bagle worms should fade quickly as customers update antivirus signatures and clean up infected machines.
In addition, users need to update their knowledge of proper e-mail hygiene.
"You can patch your antivirus software, but you can't patch people's brains," he said. "Users have to understand that you don't double-click on a file attachment. They have to start thinking before they launch a file on their computer."
Read more!
New versions of the Bagle worm rolled onto the Internet today, prompting antivirus companies to warn customers about the threat and to push out software updates to spot the new worms.
Three new versions of Bagle have been seen by antivirus companies, each similar to earlier forms of the worm, which first stormed onto the Internet in January, spreading through infected e-mail file attachments.
McAfee Inc. rated two of the new worms "medium" threats. Other antivirus vendors, including Symantec Corp. and Sophos PLC, also reported intercepting many samples of the new worms and advised customers to update antivirus signatures as soon as possible.
McAfee's Antivirus Emergency Response Team spotted its first sample of Bagle.bb, one of the new variants, at 11:30 p.m. Pacific time yesterday. Since then, the company received about 200 reports of the virus and intercepted two more variants, dubbed Bagle.bc and Bagle.bd, according to Vincent Gullotto, vice president of McAfee's AVERT.
McAfee rates Bagle.bb and Bagle.bd "medium" threats, based on the number of submissions they received for each.
The new variants are almost identical to each other, but use slightly different versions of a compression program, known as a packer, to shrink the size of the virus, creating a different profile, or signature, that can fool some antivirus programs.
At Sophos, virus researchers have had thousands of reports of the Bagle.bb virus from customers since early today, according to Graham Cluley, Sophos senior technology consultant. Sophos labeled the worm Bagle.au.
The company has also captured copies of the two new Bagle variants.
The first Bagle worm appeared Jan. 19. Since then, more than 40 versions of the worm have appeared.
Like the first worm, all subsequent versions target systems running Microsoft Windows, harvest e-mail addresses from infected machines and use their own SMTP (Simple Mail Transfer Protocol) to send virus-infected e-mail to addresses it captures. Bagle can also spread over peer-to-peer networks, planting files disguised to look like pornography or software in shared folders used by the networks.
The Bagle variants arrive in e-mail messages with forged, or spoofed, source addresses and vague subjects such as "Re:Hello," "Re: Thank you!" and "Re: Hi," according to McAfee.
The new variants don't break any ground in the world of virus design or social engineering, which is the use of clever messages and e-mail subject lines to entice recipients to open the infected virus file.
Despite the large number of copies of the virus, Sophos reported few customer infections.
The large initial showing from the new Bagle worms could be because of a big distribution of the virus, or "seeding," through networks of compromised machines. After the initial "blip," reports of the new Bagle worms should fade quickly as customers update antivirus signatures and clean up infected machines.
In addition, users need to update their knowledge of proper e-mail hygiene.
"You can patch your antivirus software, but you can't patch people's brains," he said. "Users have to understand that you don't double-click on a file attachment. They have to start thinking before they launch a file on their computer."
Read more!
Google for Related Stuff:
posted by sikandar at 12:44 PM
1 comments
