Reheated Bagle smokes out antivirus defenses
New version of mass-mailing worm, discovered Friday, tries to disable defenses on destination PCs.
Bagle.BB, also known as W32/Bagle.bb@MM, was raised to a medium risk assessment by security company McAfee. The virus had triggered more than 100 reports to McAfee's antivirus and vulnerability emergency response team by early morning in Europe. Antivirus software makers have also identified two other variants of the Bagle virus that are successfully spreading.
Other security experts noted that there are specific challenges with the latest variant of Bagle.
Ribaudo added that the Bagle virus, which is also known as Bagel AX and W32.Beagle.AV, tries to disable antivirus software loaded on people's computers.
Increasingly, computer viruses are serving as a tool to surreptitiously use another person's computer to send out spam or collect personal financial information.
Security experts note that the profit that can be made from these activities is driving the rapid rise in virus and hacker attacks.
The most recent version of the Bagle virus is another in a long list of variants of the virus, which began infecting computers in January.
BitDefender Labs noted that the new Bagel variant creates copies of itself of varying lengths, a move that makes it harder for antivirus software to filter the worm out of e-mail.
Bagle.BB harvests addresses from local files and then uses those addresses in the "from" field to send itself, according to McAfee.
As a result, the recipient of Bagle.BB receives a bogus e-mail with a spoofed sender address, which, for example, may appear to come from a legitimate friend, business associate or family member.
The subject header from the spoofed sender will contain such greetings as "Hello," "Thank you!" and "Thanks :)."
As with a number of viruses, it spreads when the recipient opens the e-mail attachment. The executable name of the attachment is listed as "price," "Price" or "Joke," according to McAfee.
Once the virus in the attachment has been released, it will copy itself into the Windows system directory. It will also open TCP port 81 as a means of remote access to the user's computer.
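For mail administrators, the subject lines and attachment names reported above can be turned into a simple gateway triage rule. The following is an added example, not code from McAfee or from the original article; the executable extensions, the verdict names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Indicators exactly as reported in the article (attributed to McAfee).
SUBJECTS = {"Hello", "Thank you!", "Thanks :)"}
ATTACHMENT_STEMS = {"price", "Price", "Joke"}
# Assumption: the article gives no file extension, so these common
# Windows executable extensions are treated as a match.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".cpl"}

def triage(raw: bytes) -> dict:
    """Classify one raw RFC 822 message as quarantine, review or pass."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        path = PurePosixPath(name)
        if path.stem in ATTACHMENT_STEMS and path.suffix.lower() in EXECUTABLE_EXTS:
            hits.append(name)
    subject_hit = subject in SUBJECTS
    # The From header is ignored on purpose: the worm fills it with
    # harvested addresses, so a familiar sender proves nothing.
    if subject_hit and hits:
        verdict = "quarantine"   # subject and attachment both match the report
    elif hits:
        verdict = "review"       # suspicious attachment name on its own
    else:
        verdict = "pass"         # a greeting subject alone is too common to act on
    return {"verdict": verdict, "subject_hit": subject_hit, "attachments": hits}

def sample_message(subject: str, filename: str, sender: str = "friend@example.com") -> bytes:
    """Build a constructed test message; the attachment is harmless text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("see attachment")
    m.add_attachment(b"constructed placeholder, not malware",
                     maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Thanks :)", "Joke.exe"), ("Q3 numbers", "price.scr"), ("Hello", "notes.txt")]:
        print(subj, fname, triage(sample_message(subj, fname)))
```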