Bagle Variant Gains Momentum

 
 
By Dennis Fisher  |  Posted 2004-02-23
 
 
 
 
 
 
 

A new version of the Bagle virus is making the rounds of the Internet.

Known as Bagle.B, the virus is a mass-mailer like the original Bagle, and it includes a component that notifies the author each time a new machine is infected.

Anti-virus companies said they saw several dozen submissions of Bagle.B from customers early last week.

The new variant arrives in an e-mail with a spoofed sending address and a subject line that contains the term "ID" followed by a string of random characters. The text of the message simply says: "Yours ID" followed by another group of random characters.

The attachment is an executable file with a random file name. Once the user executes the file, the virus mails itself to all the names found on the user's hard drive, with the exception of addresses in the Hotmail, MSN, Microsoft and AVP domains.

Bagle.B also opens port 8866 and begins listening for remote connections, according to an analysis done by Network Associates' McAfee AVERT team.

The virus also sends an HTTP notification, presumably to the author, notifying him that a machine is infected.
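
As an added illustration (not from the article or from any vendor's analysis), the following mail-triage heuristic checks a message for the three traits reported above: the "ID" subject, the "Yours ID" body and an executable attachment. The token pattern, the extension list and both sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string

# Assumption: "random characters" means a run of letters/digits after "ID";
# the article does not give the exact format or the attachment extension.
SUBJECT_RE = re.compile(r"\bID\s+[A-Za-z0-9]{4,}")
BODY_RE = re.compile(r"\bYours ID\s+[A-Za-z0-9]{4,}")
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")

def bagle_b_traits(raw):
    """Return the set of reported Bagle.B traits found in a raw message."""
    msg = message_from_string(raw)
    traits = set()
    if SUBJECT_RE.search(msg.get("Subject", "")):
        traits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXECUTABLE_EXT):
            traits.add("executable-attachment")
        elif name is None and part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("ascii", "replace")
            if BODY_RE.search(text):
                traits.add("body")
    return traits

def is_suspect(raw):
    """Flag only when all three traits coincide, to limit false positives."""
    return bagle_b_traits(raw) == {"subject", "body", "executable-attachment"}

# Constructed sample messages (not captured traffic).
SUSPECT = "\n".join([
    "From: sender@example.com", "To: user@example.org",
    "Subject: ID kqzrtwpl", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "",
    "Yours ID xvbnqwer",
    "--b1", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="hjkqwzrt.exe"',
    "Content-Transfer-Encoding: base64", "", "AAAA", "--b1--", ""])
BENIGN = "\n".join([
    "From: shop@example.com", "To: user@example.org",
    "Subject: Your order ID 48213 has shipped",
    "Content-Type: text/plain", "",
    "Thanks for your order.", ""])

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, sorted(bagle_b_traits(raw)), is_suspect(raw))
```

The benign sample matches the subject pattern alone, which is why the heuristic requires all three traits before flagging a message.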

 
 
 
 
 
 
 
 
 
 
 
