Menu
Antivirus companies warn about Bagle.AG threat

Antivirus companies warn about Bagle.AG threat

Network administrators returning to work after the weekend can enjoy a fresh Bagle with their coffee -- and no, it's not that kind of bagel. On Monday, antivirus companies warned of another virulent new version of the Bagle e-mail worm, dubbed Bagle.AG.

The new Bagle version was first detected Saturday and is very similar to earlier versions of the worm, which spread through shared file folders and in e-mail messages carrying the worm file as an attachment, according to advisories from Sophos PLC and McAfee Inc. McAfee rated the virus a "medium" threat, citing reports from several customers.

E-mail messages generated by the worm used forged (or "spoofed') sender addresses and vague subject lines such as "Re:," "fotogalary," "Lovely animals" and "Screen." Worm-infected file attachments might be in ZIP, EXE, SCR or other common formats and also have nonspecific names like "Moreinfo," "Details" or "Readme," antivirus companies said.

Infected file attachments use one of a short list of names including "Foto3," "Secret," "Doll" and "Cat."

The worm can also send copies of itself as a password-protected compressed file with a ZIP extension. The password needed to unzip the ZIP file is displayed in a bitmap image file that is embedded in the e-mail message's body, Sophos said.

In recent months, virus writers have used ZIP archives and password protected archives to hide their creations and fool antivirus software trained to look for particular virus "signatures" like a file size or name. The compressed files are used to shrink one or more larger files, often for transmission on disk or over the Internet. Recipients must decompress or "unzip" the attachments to view the worm file, which they must open to become infected.

When run, Bagle.AG harvests e-mail addresses from files stored on the infected computer's hard drive and installs its own SMTP (Simple Mail Transfer Protocol) engine, which is used to send out large volumes of infected e-mail messages from machines infected by the worm.

Like earlier versions of Bagle, the AG variant also copies itself to Windows folders that could be used by file sharing programs, using a long list of names to disguise the worm file as popular downloads on peer to peer file sharing networks like Adobe Systems Inc.'s Photoshop image editing program, the Matrix Revolutions film and pornography.

Antivirus companies issued virus definitions to detect the new Bagle version and recommended customers update their antivirus software.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments