July 19, 2004

A new version of the Bagle computer virus started spreading on Monday, and antivirus companies warned that more variants are sure to come. The latest virus, called Bagle.AI by some antivirus companies and Beagle.AG by others, spreads through e-mail as an attached file, which infects a user's PC when opened.

The virus is extremely similar to previous versions of the program but uses a different form of compression as a way to dodge virus defenses.

"It really looks likes someone took the source code and changed a small number of things and then re-released it," said Oliver Friedrichs, senior manager for antivirus company Symantec's security response team.

Symantec rated the virus as a three on its five-point scale, and rival McAfee called Bagle.AI a medium threat.

The latest Bagle virus is the fourth variation found by antivirus companies in a week. Earlier this month, the program's writer released a version of the virus that contained the source code, the computer commands that can be compiled to make the virus. Antivirus companies believe the move will lead virus writers to create a greater number of variants.

"When the source code is available, it opens up the door to anyone making changes and releasing a new variant," Symantec's Friedrichs said. "It lowers the bar quite dramatically."

Another program with publicly available source code, Agobot, has more than 900 variations.

Bagle.AI arrives in e-mail as an attached file and infects computers running the Windows operating system if the user opens the file. The program harvests e-mail addresses from the infected machine and sends out messages to every address, with itself attached. The "from" field in the e-mail is forged to confuse the source of the message.

Like a previous version, the program also attempts to stop more than 250 security applications from running on the computer and contacts one of nearly 150 German Web sites to let the attackers know of their latest conquest.

The virus also copies itself to any directory that bears a name containing the word "shar," a means of targeting users of peer-to-peer software and to spread across network shares.

Computers compromised by the virus will likely be open to exploitation by spammers.

Source: C-Net News

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

        

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.