Print
Discuss
Send to friend
RSS feedsIT security experts have warned that a newly intercepted mutant of the infamous mass-mailing Bagle worm, dubbed Bagle.bb, has begun to spread rapidly across the internet.
Over one million email infections were reported within a few hours of the virus being discovered in the wild on Friday morning. The peak infection rate was between 8am and 9am, when virus infection rates trebled from the hour previously, according to email security company BlackSpider Technologies.
This latest Bagle variant, a mass-mailing worm containing its own SMTP engine, comes packed with PeX with the attachment in the executable of a name, McAfee's Avert antivirus team warned.
Bagle.bb harvests addresses from local files and uses them in the 'From' field to send itself. This produces a message with a spoofed 'From' address. The attachment comes in the form of an executable and opens TCP port 81 for remote access of the user's computer.
According to Avert, users should be very wary and delete any email containing the following:
From: [spoofed address]
Subject:
Re:
Re: Hello
Re: Thank you!
Re: Thanks :)
Re: Hi
Message Body:
:)
:))
Attachment: The attachment is an executable of name:
Price
Joke
After being executed, Bagle.bb copies itself into the Windows System directory (C:\WINNT\SYSTEM32\WINGO.EXE). The following Registry key is added to hook system startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run "wingo" = C:\WINNT\SYSTEM32\WINGO.EXE
The following Registry key is also added to store data (within a 'TimeKey' key): HKEY_CURRENT_USER\Software\Params
Bagle.bb also copies itself to folders containing 'shar' in the name, such as common peer-to-peer applications Kazaa, Bearshare, Limewire, etc.
Luis Corrons, head of PandaLabs, said the virus "is here to pick up the cyber war that started a few months ago between several groups of virus creators. This time, it is a malicious code that uses social engineering and can spread extremely rapidly."
See also:
Difficult for newer viruses to compete, reports Sophos 01 Nov 2004
Security experts increase threat rating as new variant spreads rapidly 01 Nov 2004
Commonly held misconceptions highlight problems 27 Oct 2004
Experts increase risk assessment on Bagle.aq as worm spreads rapidly 10 Aug 2004Security experts increase risk assessment as latest worms begin to spread 06 Jul 2004
The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack. 15 Apr 2004All Enterprise Security Technology
del.icio.us
Digg this
reddit!
