A new variant of the Bagle downloader virus is spreading havoc again on unsuspecting users’ machines, according to e-mail security firm MessageLabs.
The company says the malware, believed to have originated from a Yahoo news group, directs infected computers to download Trojans and turns PCs into a zombie network that can be controlled and sold for use by hackers.
Approximately 80 variants of the original Bagle worm, which first appeared in January 2004, have been released on the Internet, by MessageLabs’ count. The first Bagle downloader variant MessageLabs tracked drops a Trojan horse that attempts to download Bagle from a list of about 130 websites worldwide.
MessageLabs says it has intercepted 145,000 copies.
“The virus is another example of a new approach to sophisticated hybrid attacks that target computers through a variety of means and produce a ‘grid computing-like’ bot army capable of spewing floods of spam from unsuspecting users’ PCs,” Peter Rendall, CEO of Top Layer Networks, said in an e-mail.
It can also launch a coordinated Distributed Denial-of-Service attack on a given target. This for-rent “attack of the clones” approach enables hackers to make serious money off of their bot armies, he said.
Experts warn that the Trojan is triggered by opening the file, which arrives as an e-mail attachment. It is then installed and checks a list of Web sites for updates and other files that it can download and execute.
The Trojan also updates itself to run other malware on the infected machine, depending on the files it finds on the sites it checks, the firm said. The downloader also disables virus-protection programs and forwards itself to e-mail addresses stored on the victim’s computer.
Antivirus firm F-Secure rates this Bagle variant at Level 2 on a three-level scale.