Bagle commandeers PCs for zombie army
New offshoot uses a Trojan horse to try to compromise PCs for use in cyberattack networks.
The variant surfaced over the weekend and was spammed to tens of thousands of Internet users, Ero Carrera, a researcher at F-Secure, said Tuesday. The antivirus software maker is calling the offshoot Mitglieder.CN, but it is known by other names, such as Bagle.BQ or Tooso.J, at other security companies.
The latest Bagle behaves in a similar way to its predecessors that don't self-propagate. It arrives in an e-mail with a attachment. When the file is executed, the malicious program tries to disable firewalls and antivirus software. It then attempts to download and run a Trojan horse that hijacks the infected PC for use as part of a botnet.
Botnets are groups of compromised PCs, often numbering in the thousands per network, that are rented out to relay spam, to launch denial-of-service attacks, or to perform other malicious acts.
"Compromised PCs could be used to send out new variants of Bagle," for example, Carrera said.
Bagle has spawned at least 70 variants since the virus emerged in January 2004. Some iterations have been more sophisticated than others, blending mass-mailing and Trojan horse techniques.
Most antivirus companies updated their products over the weekend to protect customers against the new virus. "It is not going to be a major issue," Mikko Hypponen, director of research at F-Secure, said Monday.
Symantec rates the new variant a low risk because it has not spread much. "Our rate of submissions is slowing down on that variant, so we don't consider it to be a significant threat," a Symantec representative said Monday.