Bagle Attack Picking up Speed
March 2, 2005
The wave of Bagle worms that started slamming the Internet Monday night is picking up speed, according to one email security company.

Postini Inc., based in Redwood City, Calif., reports that its analysts have seen five times as much Bagle traffic in the past 24 hours. The actual number of Bagle worms detected is up from approximately 60,000 to 325,000 instances per day.

The Trojan BagleDl-L appears to have been deliberately spammed out to email addresses around the world, according to analysts at Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass. Most of the email samples seen so far include a ZIP attachment which, if opened, tries to connect to one of a number of Websites in order to download more malicious code.

So far, none of these Websites appears to contain anything malicious.

The malware also goes after security software on the infected computers.

BagleDl-L tries to stop various security applications, such as anti-virus and firewall software. It renames files belonging to security applications, so they can no longer load. It also blocks access to a range of security-related Websites by changing the Windows HOSTS file.
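
The HOSTS-file tampering described above can be checked for on a suspect machine. The following is an added example, not code from Sophos or Postini: it parses HOSTS text and flags any entry that pins a watched security-vendor name to a fixed address. The watchlist domains and the sample file are constructed placeholders, since the article does not name the blocked sites.

```python
import ipaddress

# Assumption: placeholder watchlist; the article does not list the blocked sites.
WATCHED_SUFFIXES = ("av-vendor.example", "update.firewall-vendor.example")

# Constructed sample of a tampered HOSTS file (not from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example   # sinkholed
0.0.0.0 update.firewall-vendor.example downloads.av-vendor.example
10.1.2.3        intranet.corp.example
192.0.2.50      av-vendor.example
not-an-ip       www.av-vendor.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid address: skip the line
        for name in fields[1:]:                 # one line may map several names
            yield no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def audit_hosts(text):
    """Return (line_no, hostname, ip, verdict) for each watched name in HOSTS."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; any other address
        # silently redirects it. Both are suspicious for a vendor domain.
        dead = ip.is_loopback or ip.is_unspecified
        findings.append((no, name, str(ip), "blackholed" if dead else "overridden"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed to `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; replace the placeholder watchlist with the vendor and update domains your own security tools depend on.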

"Any Trojan horse which turns off your anti-virus or firewall can open you up to further attack, even by very old viruses," says Graham Cluley, senior technology consultant for Sophos. "My advice is to keep your anti-virus automatically updated and always be suspicious of unsolicited email attachments."
