On CHOW: Can girls use the guys' bathroom?
BNET Business Network:
BNET
TechRepublic
ZDNet
32 TalkBacks

By Andrew Colley
Posted on ZDNet News: Jan 19, 2004 4:10:00 PM

Computer security experts fear a new worm that began spreading rapidly across Australian e-mail networks on Sunday could be a rehearsal for a more concerted attack in coming weeks.

The worm--dubbed Bagle-A--carries an expiration date, possibly indicating that more robust versions of the worm could be slated for release soon, said Daniel Zatz, security director for Computer Associates Australia.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.
While Bagle-A is already successful--responsible for an 80 percent increase in queries to CA's help desk and in virus submissions to rival computer security company Sophos--the current version of the worm contains bugs, Zatz said.

Comparing Bagle to the infamous Sobig virus that flooded global e-mail networks last year, Zatz said he fears that a more virulent version of the new worm could appear soon.

"One of our biggest concern is that if we look back a year ago at the Sobig variants, they all had drop-dead dates, and every time one hit that drop-dead date a new variant came out--a new and improved variant of it," Zatz said.

Audiocast
arrow Who's behind Internet worms and hacks?
play audio

Bagle-A is due to expire Jan. 28, suggesting that tuned variations of the worm could appear as early next week.

Bagle-A's creators, like authors of many previous successful worms, have relied on the ignorance and curiosity of e-mail users for the worm's success.

The worm arrives in e-mail in-boxes as a message containing few lines of text suggesting the e-mail may be from system administrator, as well as an executable attachment. When the attachment is activated by its receiver the worm then installs a program on the recipient computer that allows the worm to be e-mailed on to other users in the system's local address book.


Special report
A 20-year plague
Decades after creation,
viruses defy cure.
The worm also attempts to install a backdoor or Trojan horse on infected machines, listening for activity on port on 6777.

Sean Richmond, support manager with antivirus software vendor Sophos Australia and New Zealand, said the company was still examining the Trojan horse to see what else it's capable of.

Given that most corporate e-mail servers block transmission of executable attachments, CA's Zatz believes that home and medium-size business users are responsible for spreading the new worm.

Another possible factor in the worm's success, Zatz said, was the fact the worm's creators programmed the worm to e-mail itself to handful of popular domains to evade swift detection by dominant Web enterprises such as Hotmail, MSN and a large Russian computer security agency.

Users who suspect their computers may be infected with the virus should look for a file called bbeagle.exe in their Windows System directory. The file disguises itself with Microsoft familiar calculator icon.

Andrew Colley of ZDNet Australia reported from Sydney.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 32 Talkback(s)
google stats
Operating Systems Used to Access Google
~~~~~~ Oct/Nov, 2003 ~~~~~~
Windows XP 42%
Windows 98 27%
Windows 2000 19%
Windows NT 3%
Macintosh 3%
Windows 95 1%
Linux 1%
Other 4%... (Read the rest)
Posted by: middle_road Posted on: 01/20/04 You are currently: a Guest | | Terms of Use
Sounds like money  Chad_z | 01/19/04
What Do You Do For A Living ???  nikoli | 01/19/04
Not this time  Chad_z | 01/19/04
Sorry Charlie  nikoli | 01/20/04
I'm Charlie, I'm with YOU, OpenOfc is Crapware  CAJonesIT | 01/20/04
ISA Server is deployed, nothing to fear  Mike Cox | 01/19/04
That's great, Mike!  GraysonPeddie | 01/19/04
Solution: more intelligent users  d_jedi | 01/19/04
Okay, where are we supposed to get some of those?  KSchaefer | 01/20/04
But the MS shills say there are no associated costs!  jellyclock | 01/19/04
linsux  guitar player | 01/19/04
Apache to the rescue!  spinit | 01/19/04
Why let details get in the way?  nikoli | 01/19/04
Ever hear of servers?  IT_User | 01/19/04
What 30?  doe_z | 01/19/04
Well, actually it is  nikoli | 01/20/04
google stats  middle_road | 01/20/04
80,000... which version?  nikoli | 01/19/04
You heard it folks -- no costs!  X Marks The Spot | 01/19/04
Factor This!  spinit | 01/19/04
Thanks for your kind words and sentiments  FilledOut | 01/19/04
someday this pridiction will be correct  JWatson77 | 01/19/04
You are just instilling fear...  Mike Cox | 01/19/04
Yep  Teran | 01/19/04
I'm So Scared~~~~~~~~~  nikoli | 01/19/04
Learn Something New Every Day  nikoli | 01/19/04
What is easier and more dangerous?  Vily Clay | 01/19/04
What I learned  Fred Fredrickson | 01/19/04
My Point Was  nikoli | 01/20/04
A very nice letter  MuffinMan_z | 01/19/04
Mr MuffinMan  hjtharp | 01/20/04
How Is Linux NOT a Copy Cat  nikoli | 01/20/04

What do you think?

advertisement
Click Here
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here