Return of the Bagle Virus


KTM
16-07-2004, 23:50
By Jay Wrolstad
Enterprise Security Today
July 16, 2004 2:15PM

A new variant of the Bagle virus bombarded Windows users on Thursday, but the attack tapered off overnight and appears to have been less damaging than previous iterations of the worm.

Windows users got a rude greeting from another variant of the Bagle virus Thursday, as the mass-mailing worm reappeared in what appears to be a more benign iteration.
Known alternately as "Bagle.af" or "Beagle.ab," the new virus uses its own SMTP engine, included in e-mail attachments, to gain access to a machine. Once inside, it collects addresses from the infected computer and opens a backdoor on the PC.

Rapid Proliferation

The mass mailings may clog mail servers or degrade network performance, and the worm can cancel certain security-related programs. It also allows unauthorized remote access to a compromised host computer.

The bogus e-mail's subject line, body and attachment name vary. The attachment will have a .com, .cpl, .exe, .hta, .scr, .vbs, or .zip file extension.



"The biggest difference with this version is that it spread faster than earlier Bagle worms," said Vincent Gulloto, vice president of McAfee Avert. The number of reports tailed off overnight, he told NewsFactor, which is typical of mass-mailing worms.

Infections were reported by businesses and consumers, with a number of universities affected as well, Gulloto said. It is difficult to determine whether this version is the result of Bagle virus code released earlier this month, he said, although that is likely. "This looks more like a copycat of previous viruses."

Sharing the Infection

This worm, which first appeared in January, is particularly nasty because of its ability to spread via e-mail or through peer-to-peer file sharing networks, such as Kazaa, BearShare or LimeWire.

The "from" address of messages is spoofed, and an attachment can be a password-protected zip file, with the password included in the message body. The virus has a remote-access component and copies itself to folders that have the phrase "shar" in the name.

Symantec rated the latest Bagle virus a three on its five-point scale, and McAfee listed it as a "medium" danger.

Source: http://www.newsfactor.com
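
The attachment traits the article describes (the listed file extensions and a password-protected zip) can be checked at a mail gateway. The following is an added example, not part of the original post or article; the function names, sample messages and the choice to flag a .zip only when it is encrypted are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Executable-type extensions listed in the article. ".zip" is handled separately:
# only password-protected archives are flagged (assumption, to limit false positives).
EXEC_EXTS = {".com", ".cpl", ".exe", ".hta", ".scr", ".vbs"}

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> list[str]:
    """Return reasons to quarantine a raw e-mail message (empty list = none found)."""
    reasons = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXEC_EXTS:
            reasons.append(f"attachment {name!r} has listed extension {ext}")
        elif ext == ".zip" and zip_is_encrypted(part.get_payload(decode=True) or b""):
            reasons.append(f"attachment {name!r} is a password-protected zip")
    return reasons

def sample_message(filename: str, payload: bytes) -> bytes:
    """Constructed test message with one attachment (not a real worm sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Re:"
    m.set_content("password: 12345")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

def sample_zip(encrypted: bool) -> bytes:
    """Constructed zip; 'encrypted' only sets the header flag bits, no real cipher."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.txt", b"constructed")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 1                              # local file header flags
        data[data.index(b"PK\x01\x02") + 8] |= 1  # central directory flags
    return bytes(data)
```

Because the worm varies the subject, body and attachment name, the check keys on attachment type and the zip encryption flag rather than on message text.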