Four new Bagle worms added to Internet soup

By Robert Lemos
Posted on ZDNet News: Mar 19, 2004 1:00:00 AM

Virus writers' penchant for modifying the source code for the program has resulted in four new variants--Bagle.Q, Bagle.R, Bagle.S and Bagle.T--in the past two days, antivirus firms said on Thursday.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

The viruses attempt to use an ActiveX vulnerability, discovered in August, to automatically upload and run a program on the victim's computer, without needing the user to run a file. The viruses pose a threat to Windows users who have not updated their operating system since the patch came out in August.

"It is definitely a new thing that is involved," said Oliver Friedrichs, a senior manager in Symantec's security response team. "Most of the vulnerabilities used in the past have the program as part of the virus."

The four new variants of the virus, which Symantec calls "Beagle," add to the slew of slightly modified programs attempting to infect Internet users. Virus writers have used the Bagle, NetSky and MyDoom worms to attempt to gain control of large numbers of PCs. Comments in some of the programs have led researcher to believe that the authors of at least two of the worms are competing against each other.

The latest Bagle variants add an infection mechanism, which uses a flaw in Windows that was patched in August. PC users who haven't updated the operating systems could, upon viewing an e-mail message containing the virus, cause their system to download and run a malicious program.

However, many of the Web sites that had acted as locations from which to download the attack code have been taken offline, said Friedrichs.