Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


New Bagle Variant Heightens Alert Levels



 By: Larry Seltzer
2004-07-16
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Submissions pour in to anti-virus companies, raising levels as the worm drops itself into the Windows system folder, sets Windows to load it at startup and begins sending copies of itself to harvested e-mail addresses.

A new variant on the Bagle worm has elicited increased alert levels from anti-virus companies owing to increased numbers of submissions, from both consumer and corporate clients.

Known as W32/Bagle.af@MM to McAfee, WORM_BAGLE.AF to Trend Micro and W32.Beagle.AB@mm to Symantec, the new version is rated "medium on-watch" by McAfee and "category 3 - moderate" by Symantec.

Click here to read about another Bagle variant.

Symantec reported Friday morning that submissions were trending downward. "At its peak, our experts were tracking approximately 30 submissions per hour. However, now we are seeing the numbers trending down—about 10 submissions per hour. To date, Symantec has received a total of 264 submissions—57 from corporate users."

Resource Library:

According to Trend Micros analysis of the worm, once executed, it drops a copy of itself in the Windows system folder and sets Windows to load it at startup. It uses an internal SMTP mail engine to send copies of itself to addresses that it harvests from a variety of files on the system.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

The message may have one of a variety of subject lines and bodies and a spoofed from: address. It also spreads through networks, including peer-to-peer networks, but copying itself to shared folders.

Bagle.AF also attempts to stop running security software on the system and to interfere with copies of the Netsky virus. Finally, it opens up a back door on port 1080 for attackers to use on the system.

Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:  



  Reader Comments: New Bagle Variant Heightens Alert Levels
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Larry Seltzer
 


xmw(yVC wlfaٱaƙ{W I[<˳Vu =%uwuUuUuu?{{o$ri#ݜ+k47(άCtf$5޼yCH~G޴+?2dh9#42Jh0\[Rnld4jz4:=ϣHʛx bH ʒ)'SQhg:Z#+3uB]qNnMbh#bY/Ǩ> vH 0h##@Ir(S].y}L~P'Z>?A~ez2<Ϛ3ՙ&{!y|LJJ4xL!"xLGs2Pn |%| ЪHwmC]aiSR!+"Yx~U+/,xL r&drt{:#*fO2DFL$jH2qVBax-c@'pW ˁƩT*KׂjL7U㐸)mu#"3AUa!Dঋ ŭ(ʋG 7?1tG$oaee[G3zioסOkn1gXX UZ(kN)4G ByTd^:~DsrR㕒~P7iJtT,(zZTZl;KQ`%pa#N&XZm&m}MXCZ-@*( RJkM3Fy|57wgw/w]woYcCQdBgC: ɟ*o#0-_:<$= @jjT| g6zPed$Y+Yrѿ$tu! DܿV Gɋ̍QU |sA=#J 5"3E`[@L4z!aF=`qg?42 kZ52h,eg:5O)W1F VkvfB9~A)Q*_Z>_BC!\EWԔTwYQp!B<6 ^ZD 1 Ajxǐ"q,h.2 WW{vNTꊭPr}#gYJK =2'v}Fz7^ڽ^}8%g4N ,YaeߴPK쫃cZ9 ]G"eYKPP9+":0rMG̷)a`es˩n.8m`NQGuf1TM3W} >AE*bG\jS4!>Xg{Tm_/}R1.|uFp.oTn0Y %U'ʺIfB;hG˹Aٚn({ zwt( U\vzB#ҚX|T.RZ x8Ȭe&~L< #"05X <z xukTRQOu&c]a@ ==\7FC029S?e!pPQA}8#s"ݴY% 0fzZkٻ7q{b^`c4B c2;Ďyۻ/ns}(w5nOu^._θhy e> iF=՜s Ar{ͪX 4)|¬0Ϧ0/ёp^rT 6gbree]* +5u (>u<ݥ8LEߋ;)QZ3-xO\WcC?5ؒo-V,I7r5 /7krP?Xi֥ȗ*8@HqVʼnƉZktW8RSXH*6\\, %.%1ati(Me"UCrǶf|A.e[pd>ljRXleܳ!>05P4H7p( osSԲ=:A>^!,yg&Ao>`{8dT Bkg8 p"՞vM|A.r7a('Xp/#Y! 8U2 13&UsA(-ƨVLts,\orI\8ׇYcB5_) rfnnn06L,yW/|]tF 4ra8,,CR7F23kcw$eM *I(-bsX(P<Ƅ&3٥M剫2ۉǘ0VAq/(cpQH P_V@`B^C 3LJER!-[ y\٩F7("p/7˅%"T6( = <~3ʫ:2MyVjg3; |\j8/=nnQe| ,kS X1H<^_] S]?7 ]< ~};A-r.X |qZM`v#'pNTS,`\8ck=H/BJê8Pzԁn!yS#{]?F%E0 qDM &Ii=댺5 ?bҀ[.q2w\6S04Yǯ5 {i V{+գZ1oy3jf#SF2U) CapCQ^p]);:<~Qd%:t`eGwH_R6wqAvoBh?VcPk"RV*"x\5`QA R3Ɨʞe+sGi3q:Tye@ ˄G2gNTIXV}Z7ѷ5n&lWПTOu=1) yTڬ[0 uٺN`tXeeiaUEC-ƏU`z*tOUH|vO+ԤBVIġ?$6/=artql6)uiSyyeGpXt+nh‡/$cχRT(@mj%SnO'a!rF@#k8F)UjO!ʖ"H?5,V(Qz4 2wސ/#9SBmpDD]#*S '9on&Z/C+I <˯0cibA7w"[Xa+g̃66=O=Goa( & /99 6U# {?t%.}]qL6{޽K筫c2KwUt{~{}LDyyZ~cr m@7 8*uڿrgR͸o50Y#X3 R!Al:Y|:{%Ջb{:;\nyF}W)0^ |=J_wεx}ڽfurٹnKQCx(scgH`]j]v_<:"deu{^kvLhY&Id(okC4[{mbXO *$V]{{־‚s9.D\kQ\ lmpCoPѴz")}oM10nU kn~ UktV ZE 1`kFuz7O{mi9[ ty xE/s)fQ\(L»,}ڽmq}Klo}E_ίm9חo)J>_ac/-x<& ]$=Al֊q~Y#^~<)}AOm9˚{N_+Q\y} zwLhD@R|9mͩX)ZDc3%Ļ{JW8^(cz<1Pb"Vg*([IZ;`beK5Ր8x"5%R_&mo?zR&T Ó,磺36\,-0 Ж+] $T; V!\x{ gf6.uμ+K:Ww l6 q.@0Qޒ<mn}FVo%)ت}-06x)$Z#-CE.+0tϷU揎Lݛ;tL-wbLD i<0|mde{"кE;Ao͕?݁IY5=Jp5R 2a[TmJ0Ƌ=뙞>^`hTg>tV3hSlY}*`5jdnD0yoPh,v's1: uW[>Q=ɩ rN*~ig e9t?i)+eؽ5-iimYUlF Е|^Tl",0$|+tln(j9/s唤랬dXW7Tdҷ+pd~$zuF RsScȎ9vO}k󇘸4DϮЙ=C7KX긍,ӆC]f+wRȔ?8]*f_YZtGqekGgW#YKT”I'%D3Y="[cyA[ydbPQ׾:1G}L~d_. dgT; C~"+Ry>j?3$g2@ȸ= l;o͇Vpv /v_!σ0%NJAwu~K#Þ َ)!%(:62+|a Cqʑ2=];s~R{R \|LZ7wuNxLpgšxTL aN-o-[ͭ"24] t<n$ZVYl}/`k1X:.5LJ+2|E'b`d)@rVH8V5Bcz_T*,FCCH=stxP̸Asa Aמ=2l}zj aVEaCWx>+,3<2esrXu(, اU|y*y\3_p>%z2U1|lj|dT 'Ke~*e`hJH^<!xrE 1ω(d"1𸹭)׊rx"UNJ81!:qq1Y94P~o,?;0vxP|^9 >rmQL 1U 2I= :wd[LIg0>l`/|L:`t-`i. Kq-2hc)_V*7,*!xnHKK𭧎V^ %~c6v|D_ ->ũ5Rwe4 pI7M^@SIqVB"AX#1`_gkF6d[jܵw)@$>leĢ, eFoAoAoAoA??(X.)˃z`ْN,іzSp7ǖ#|(]8o)3"l0QMV'{LM޲^?>xw2I`, /(ַaPxED`kk- iݎVٶlRpμ+{=jK b,F>_[n&3<6Qܔc˶,V[ҝVH Лt(_Ǐ AW/fe+ڛR6^?Ղ!Hj_R]P'0 XN-Si$n`Wo{38`LJpz!: '~q‹G< v5֘퓼=ͭnן7mIu7 n:>mF "ʛ i(knʑyuj@@@@_yZ<c}`67,Tԣ 얧'eݚ}.f|PPDQ7xH͑M@ #{U>AT4>eќ;z}[Et71tKn,JX}b _mAm0o,v\' ^{ cG8 ('J]i&7.B`CG nFB__oO{@66I(\#D|@ٙ!Ca] X3:;rAd}  K9zzG,ŕԔn?jzj;}vtrMM~+ hH+Y]F|PuQ(0xؼ+,G<] #WIJ a%†|&>q5RC~uaFCϳfot\rq,5SGg8|MG%?[^_/pCIʽ&3lV /kb +u/Kvn4Fd<3Lmoe u}uYq(vFys3"3Pض@!sPZT[2;hX^O miնYBrBzi,Й@WN9HKeȰDv.0.x灑9=.~$ 3$RkHem=.Θjf֦ en VJ^x=9զwmavIγYyѾIM#s㷀Ux [ᅋO-<WY)kr2Do89A &ZQrR[7o._iOg Y#QqHr'ڧ-$Rn|z mH@]$u"9e~n[L vh ;D}4u6M]R"w_i <1ýտN57wXO$2,E>A<~9R8xyh @ 5\}O̲s+ QE|t9Ǻqp 1Qƫv%R[ z~+pC#E#Pؔ4)pGv g԰Iz~ :::Zrubh&NGڮ,%z( / A3KDCX^qGc=2! ׏0ښx+%-@ ZE-|D$Rkx<AE%FTǂ7B‹ fTL˙ _~4ZSY-&icyr_h%D*+X Yw9 do5fj m  "rI Cm"Ъo"UjസPce yS#zYU̍X@&L/PzXUTfڹʚs;} y=Js|0 QmʏyD_T#~X,Ac͞9D'2Z+t6F_ۖ7R&gN*\ 01rH`$z|j{XOPTJV;To4gn\%kZ;Td%M5cVb-K'{`'^HB!ՅgS(/(/ b:ƂF{`:}gq :E"hvbAئ~>f|S2 fá/ZiߪkqZlx ;dv> Ĭ _wr>do[i{5 L}c]g)̧KHې[.Ƚ2:X4ߞj>eb 3)/ն7\ڏb jOq,,(`Kͼ-Ոn[v}Tmvwȉ)tA.TS5u@:3S1HAURK޿=*G!e=np[^!Tuш }؄nhJD۴h5ާ%xktkH8'\6DŽR TCЭ B)ͫ;NP} Y?#d=t` .S!Sdꑩol0ܿrG⌏ Ӷ_yB'wɒ>/ TASp}}<pVB r|՜Gl9MXx\!gܳ=~pLRW30 :kiŗ/7 UlNi$>b{?-sWLdf&@րX%پkFyhu.uw۷= d蠌/9k]0ؑ3S@ Fusoe+10c& ևDyE*d[sχwG9† vi ;·nK·l9JX!iFrq#s"~! &L1dᢆoD:&m?M_o{=>(XOCt &@@Ppm~;ǚF$E!."s#Fb-vɉ۸|`!05F~I[W 46!R玘pء4ˑ?Aqiz;#W`t| PUI`l 7j!{C)P/ҥrs' `/x`3̶p+VP.VNG|qO=gqԙ]SnِpC:L,Y5UE9YG>71TNoE~"Ld@s&aVP6IĠ sX~EB(&.2'*<*&ntGK\z{kq@x)_lLWl'x(44+kĖ0ؕAK ?hdB G8BtM=$ .KFt9}:|:\on;L\w'DZʿd*#QM{]e[U)sM9S jN5gZ]qxqxQD_1}tu8f ׋gq_nȲ.! ~k4Cm+s+̵et6g{:,mrjR[TozVd9pS#S܅P\!ڗ>^3Mߥ"E%eJϐsJkJ-&쯔.wSQgvJ)&S!9i^t;gf,%uJ:I^s/%JN)k^BJJ*?W@U W W)yy")_)~/HWJ_C^5u\C]_M?]/rq"7P&-m^ =B䯟"_  _R#LK>1w~{"wP]Jw w)$)Vnpz%s^4OR\{V C#HOgSFnV`{J1w _/E+O!~oelڹ9EGytӆ+Y3U7ǰj /L3{̲-cD,/ WW ]CWޣsqm0.m8rmpK01h3p%-Xv7m R O\)2ɓpǮiSu̶=!ikЮ(ZG*Y>5~ɉa4(nu) wjX%(̞R.ˬDi`(ȝ|$BǕ}yGa,m~Ljݳeֶb-MſPM:cwŗת@@vӁU6v{akjƚ)uK*Dza_FL#zQDi{/~yA#_]ٵ=`路pMx-̈́uEVam[JF}5,Ie`"_`hY'srD̻~KxAB_vYU$}Y= >g^"s4DщԷL1Fvq+ƒ_1!:G-?G ?,S0SSDչ!=˘|>|N@:AӋpOա8 O^AViB:pVɪދz= kх-qy] Y68[T"?3@ 3=v""D9IE|ȧm:TjܕD|/3S^p#qZ o :b30S9֒_OgwSWtlG%խcY*H&l]t arA%,zR<_[=$vuOGb"n/)0P;ҩny㰁D$u wT5t1ˠvӽsTMM@/;"wfS+Im;9~p֭lҏ֭(! \oKx:6ΏĨ3 H2y p@NnM+d :P5$h+n/v[/o دw.lz|M !{Ӓ;p,Fs:hE 7%> ? 60rGĶR q֘YLZ*,JM"x,.3 }f_NŖ/Wu<ml0/.A⸆@ׂ=fMZ7-\yU[X-8LoAZ3E~౞?:EGdKjT2pQ^٢cVl<@W$R#z6Y<`1>gzE&m;h.&42|p8[ˋ`l9r*X̗}_KY|)/A.g[9> ({ZֽNq{68\7oo4n8:$G<<LO|]aAZpiid~be *%_U1#\.#wJcE#j8&D3a_ex0ӛ5!u D-S괹fq\+Ņ rHa+bCU#INM(M:z:mR =ˬ/ t|􂪉hvmpY+ĒX{$HiMndVctĜPWk8pYn@#<x 5{oa;efhsՇ7':33̓^@aniAFܵ1L@ LrĬ" :"։ .qqd ' FncD뛹:tד.vϰ> fƇ8L+HcAvߎ _τ؄㊼c' DwD X!l,ѿ]RCWaY, \A*tK -GS؋wO0K!-?YYe?( 0}T^[\(oobX6L9 Ca0=k.]{C#Խ{,px\Z®axGޭxld9Kлr/Y0@8j֡i[wdZx;kq(@\R /K1K\u"Z| <_Yꊄx研4,_8fc7QcӃ <:`юrO|YG`|9QkMĩo.Lv/>4 ޸[vqˇxTjd|m c8&491jdy=Ϸ*QO'#wF&H` RX3)qb4Gn?͞^ؖWee]mll`UY=ִCqd,;򱲟= @''u@_0"&R PQV*Gw8[IEBof<kVǷcݦ8Ip ~YGpҩa4FiPw4]ݘTO.a74JGD\ٕ)qUpîAC#6 ɾ?]ׄt޺\~:Z\ \zX}8%H"V[vExMi{{wDOZ?~>ӽ=kA0OXY}4#ނforz_ 5dzHXkxO|)A*%Rn B5r ;-A1G|arjE< @ޚ-6C|y̖uJa>' e> Z;])HbxzY16x8lxM4kn1L^AaeiXv~=ͽu28