New Bagel.U a virus of few words

Antivirus software companies are again warning e-mail users about a new version of the popular Bagel virus, which is spreading on the Internet through infected e-mail messages and targeting machines running the Microsoft Corp. Windows operating system.

Bagle.U is the 21st version of an e-mail worm that first appeared in January. Unlike earlier versions of the worm, the new variant eschews tricky subject lines or enticing messages, hiding in a file attachment to otherwise blank e-mail messages. Once opened, Bagle.U opens a back door to infected systems, mails copies of itself to e-mail addresses it steals from the user’s computer and even launches the Windows Hearts card game, antivirus companies said.

Thousands of copies of the new Bagle variant was first spotted on Friday, following what is believed to be an initial e-mail “seeding” of the virus, according to iDefense Inc., an IT security services company in Reston, Va.

Citing the number of infected e-mails, Network Associates Inc.’s Antivirus Emergency Response Team (AVERT) rated Bagle.U a “medium” threat. Antivirus company F-Secure Corp. of Helsinki rated the latest version of Bagle a “level 2” threat, indicating “large infections,” F-Secure said.

As with earlier versions of the Bagle worm, the virus code is contained in an executable (.exe) format file with a randomly generated name. Users must double click on the file to open it. Also, many organizations block e-mail containing executable files from reaching users’ inboxes.

Once launched, the Bagle worm installs itself on Windows systems, begins listening for instructions on communications port 4751 and connects to a Web site in Germany to report the identity of the infected machine to the worm’s author, F-Secure reported.

Bagle is one of a series of worm families that have been plaguing e-mail users in recent months. New versions of Bagle, as well as MyDoom and Netsky have been surfacing on an almost daily basis since January, prompting a frenzy of activity among antivirus researchers who must identify and develop antidotes for each new variant.

Experts are at a loss to explain the recent proliferation of worms, though some have cited an apparent “war” between the authors of the Bagle and Netsky worms as the motivation for the release of many of the variants.

The latest is programmed to stop spreading on Jan. 1, 2005. However, at least one antivirus expert expects many new versions of Bagle to be released in the coming weeks.

” Bagle.U will not be the last Bagle worm we see. Get ready to re-learn your ABCs as we head into the AA-Z series of Bagle worms,” said Ken Dunham, director of malicious code at iDefense in an e-mail statement.

Multiple, contemporary variants of the same malicious code will help the latest worms succeed in the wild, Dunham said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now