The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New Virus, Bagel

Discussion in 'General Discussion' started by alareach, Jan 19, 2004.

  1. alareach

    alareach Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    http://www.grisoft.com/us/us_vir_tt.php#1
    http://news.com.com/2100-7349_3-5143115.html?tag=nefd_top

    January 19, 2004, 8:10 AM PST (cut to save space, see URL above for full story

    Computer security experts fear a new worm that began spreading rapidly across Australian e-mail networks on Sunday could be a rehearsal for a more concerted attack in coming weeks.

    The worm--dubbed Bagle-A--carries an expiry date, possibly indicating more robust versions of the worm could be slated for release soon, said Daniel Zatz, security director for Computer Associates Australia.

    Comparing Bagle to the infamous Sobig virus that flooded global e-mail networks last year, Zatz fears that a more virulent version of new worm could appear soon.

    Bagle-A is due to expire Jan. 28, suggesting tuned variations of the worm could appear as early next week.

    Bagle-A's creators, like authors of many previous successful worms, have relied on the ignorance and curiosity of e-mail users for the worm's success.

    The worm arrives in e-mail inboxes as a message containing few lines of text suggesting the e-mail may be from system administrator, as well as an executable attachment. When the attachment is activated by its receiver the worm then installs a program on the recipient computer that allows the worm to be e-mailed on to other users in the system's local address book.

    The worm also attempts to install a backdoor or Trojan on infected machines, listening for activity on port on 6777.

    Sean Richmond, support manager with anti-virus software vendor Sophos Australia and New Zealand, said the company was still examining the Trojan to see what else it was capable of.

    Another possible factor in the worm's success, Zatz said, was the fact the worm's creators programmed the worm to e-mail itself to handful of popular domains to evade swift detection by dominant Web enterprises such as Hotmail, MSN and a large Russian computer security agency.

    Users who suspect their computers may be infected with the virus should look for a file called bbeagle.exe in their Windows System directory. The file disguises itself with Microsoft familiar calculator icon.
     
Loading...

Share This Page