By Robert Lemos
Posted on ZDNet News: Jul 19, 2004 9:25:00 PM

A new version of the Bagle computer virus started spreading on Monday among PCs connected to the Internet, and antivirus companies warned that more variants are sure to come.

The latest virus, called Bagle.AI by some antivirus companies and Beagle.AG by others, spreads through e-mail as an attached file, which infects a user's PC when opened. The virus is extremely similar to previous versions of the program but uses a different form of compression as a way to dodge virus defenses.

"It really looks like someone took the source code and changed a small number of things and then re-released it," said Oliver Friedrichs, senior manager for antivirus company Symantec's security response team.

Symantec rated the virus as a three on its five-point scale, and rival McAfee called Bagle.AI a medium threat.

The latest Bagle virus is the fourth variation found by antivirus companies in a week. Earlier this month, the program's writer released a version of the virus that contained the source code, the computer commands that can be compiled to make the virus. Antivirus companies believe the move will lead virus writers to create a greater number of variants.

"When the source code is available, it opens up the door to anyone making changes and releasing a new variant," Symantec's Friedrichs said. "It lowers the bar quite dramatically."

Another program with publicly available source code, Agobot, has more than 900 variations.

Bagle.AI arrives in e-mail as an attached file and infects computers running the Windows operating system if the user opens the file. The program harvests e-mail addresses from the infected machine and sends out messages to every address, with itself attached. The "from" field in the e-mail is forged to confuse the source of the message.

Like a previous version, the program also attempts to stop more than 250 security applications from running on the computer and contacts one of nearly 150 German Web sites to let the attackers know of their latest conquest.

The virus also copies itself to any directory that bears a name containing the word "shar," a means of targeting users of peer-to-peer software and of spreading across network shares.

Computers compromised by the virus will likely be open to exploitation by spammers.

  • Talkback
  • Most Recent of 35 Talkback(s)
Sigh
The default account that is set up for you in Windows is an admin account. So any idiot who logs into their XP machine is usually running on the admin account. Any of the software they install has the...
Posted by: johnnyu Posted on: 07/23/04