Channel News and Analysis - Channel Insider
 
 

New Bagle Variant Raises Alarms

DATE: 2004-09-29
By Larry Seltzer

Article Rating:starstarstarstarstar / 0

Rate This Article:
Poor Best
Add This Article To:
Anti-virus companies have elevated the threat level for the latest version of the persistent worm.

A new variant of the Bagle worm is showing more prevalence than usual, according to anti-virus companies.

The new version is known by a variety of names: McAfee Inc. calls it Bagle.az, Trend Micro Inc. has dubbed it Bagle.AM and Symantec Corp. refers to it as Beagle.AR. All three companies have elevated the threat level for this worm because of increased submissions to their monitoring services compared with the average Bagle variant.

Click here to find out why security researchers are puzzled by Bagle's success.

All the major companies offer protection against the worm. Symantec also has a removal tool.

Many e-mail programs, including Microsoft Outlook and Outlook Express will, in the default configuration, delete the infected executable attachment to the e-mail message in which the worm arrives.

According to Trend Micro's description, the message comes from a spoofed address. The subject line is either "Re: Hi!," "Re: Thank you!," or "Re: Thanks :)," and the message body is always ":))." The message comes with an attachment with a file name of "Joke" or "Price," which has an extension of either ".com," ".cpl," ".exe," or ".scr."

Once the user runs the executable, it drops a copy of itself in the user's Windows System folder and sets Windows to load it when the computer boots up.

The worm attempts to propagate by copying itself to shared folders for LANs and peer-to-peer networks, and through a conventional e-mail distribution using a built-in SMTP engine. It attempts to terminate a large number of security-related programs, such as anti-virus software.

In keeping with Bagle tradition, it also attempts to interfere with the Netsky worm by removing several registry keys used by Netsky and creating mutexes, which are variables in the operating system that Netsky checks for.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page



Discuss New Bagle Variant Raises Alarms
 
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Channel News and Analysis Articles          >>> More By Larry Seltzer
 



 

Vizard: IBM Gets Principled About the Channel
Big Blue looks to improve its reputation with a Principles of Engagement document governing how internal salespeople deal with the channel.

CHANNEL DEEP DIVES
CareersLinux and Unix
Computer NetworkingPrinters
SecuritySMB Partner
StorageSurveys
Solution BuilderMessaging/Collaboration
Dell ResellersMicrosoft Partners

SIGN UP FOR CHANNEL INSIDER NEWSLETTERS
Reliable, timely information on the business of technology. Sign up now.

ZDE Services
> Ziff Davis White Paper Library

> Baseline ROI Calculators

> eWEEK Labs RFPs and Tools

 
CHANNEL RESOURCE CENTER
HP StorageWorks Scalable NAS is highly available, scalable network-attached storage for any industry solution. To learn how you can take full advantage of fault-tolerant NAS that seamlessly scales capacity and performance, visit: http://www.hp.com/go/scalablenas


Feature Video: What Can Green Do For You?
There are many ways that systems can be run faster or more efficiently, using less energy and thereby reducing costs. Watch now!
Microsoft-hosted solution offers you advanced customer relationship management capabilities without a major investment in IT and staffing.
Try It for free for 30 days!
 

 
   Sponsored Links     
 

  • BMore partners and opportunities: Join Partnerpedia
  • The New Latitude: Dell’s longest battery life yet.
  • Improve the customer experience with Dialogue
  • Rackspace:The Smart and Cost-Effective IT Solution
  • Meet the demand for green technology with HP desktops
  • Download the “Best Antivirus Product of 2007”


    •    Channel Insider      Contact Us | Advertise | Site Map | VARs | System Builder
    eWEEK Quick LInks Storage Devices | Networking Security | Network Infrastructure | Wireless Networking | Database Management Systems | PC Desktops | Web Programming | Enterprise Solutions Linux Operating Systems | Mac Operating System | Mobile Messaging | Internet Telephony Microsoft Windows News | Google Watch | IBM Watch

    Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
    Tech RSS Feeds | White Papers | ROI Calculators | Tech Video

    Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
    eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
    Publish | Security IT Hub | Strategic Partner | Web Buyer's Guide | Windows for Devices

    Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
    Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

    Use of this site is governed by our Terms of Use and Privacy Policy

    Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Channel Insider is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise, Inc. is prohibited.