Bagle leaves unpleasant taste

Computer users all over Australia woke up this morning to a Bagle, but not the sort you want to spread your cream cheese on.

Bagle, or to give it its full name, W32/Bagle-mm, is the latest mass-mailing worm to infiltrate our IT systems, and it is currently spreading at an alarming rate.

The first copy of the worm was intercepted from Germany, and at the moment the majority of copies are being captured as they are sent from Australia.

The worm arrives as an attachment to an email and has a random filename, with a .exe extension. Bagle searches the infected machine for email addresses and then uses its own SMTP engine to send itself to the addresses found. The worm makes a poor attempt to lure users into double-clicking on the attachment by using social engineering techniques.

Further analysis suggests that the worm includes a backdoor component that listens for connections from a malicious user and can send notification of an infected system.

It also appears that the worm may attempt to download a Trojan proxy component, known as Backdoor-CBJ. This Trojan is able to act as a proxy server and can download other code which could be used for key-logging and password stealing.

Analysis also points towards the worm having a cut-off date of January 28, 2004.
