Bagle author creates new outbreak
Wed, March 02 2005 | 4:37PM
Kaspersky Lab, a leading security content management company, has detected a
number of variants of Email-Worm.Win32.Bagle. These new Bagles are
variants of the same malware, but packed differently. One thing they
all have in common is that they don't self-replicate. In other words,
these are so-called intended variants, not fully functional versions.
However, somewhat paradoxically, we've seen large numbers of them during
the course of the day. The reason is that they have all been
mass-mailed out deliberately as spam.
The new Bagles were sent as attachments to infected emails with random or
missing subjects and texts. The malware arrives as a Windows executable
file. The name, form and size of the files are also random. It is
therefore difficult to identify the infected emails using formal
attributes, and we advise all users to be especially cautious when
opening email attachments.
The malware is launched when the user clicks on the attachment: Bagle
copies itself into the Windows system folder and creates a registry key.
Bagle then stops processes that protect the infected machines and local
networks, leaving them open to further attack.
Kaspersky Lab virus analysts have detected 15 pieces of malware by the
author of Bagle. They are closely related and differ mostly in the
packing routines. Therefore, Kaspersky Lab is detecting them all as
Email-Worm.Win32.Bagle.pac. Detailed information and a description are
available on Viruslist.com.
Original URL, circa 2005: http://www.kaspersky.com/