Bagle-BK Worm Downloads Code
March 4, 2005
The Bagle-BK worm has grabbed the fourth-highest spot on eSecurityPlanet's list of Most Dangerous Malware.

The worm accounts for 5.2 percent of all malware traffic on the Internet, according to Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass.

Bagle-BK scans through an infected computer and sends itself out as an email attachment to any email addresses found. The subject line often reads: Delivery Service Mail or Delivery by Mail.

The variant also forges the sender's email address, uses its own emailing engine, downloads code from the Internet, and installs itself in the registry.

The variant is just one in the long line of the Bagle family of worms. The family got its malicious start early last year and then went quiet sometime in February. But last July, the family came alive again when a flurry of variants hit the wild.

"It just goes to prove that old tricks still work," said Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. "The variants are having good success in the wild and that's disturbing. After all this time, everybody knows about attachments and they know about security, but this worm is still spreading. That's disturbing."

The Bagle variants are mass-mailing worms that can also spread over file-sharing applications. They arrive with .exe, .ser and .zip files attached. Once they have a foothold in a computer, the worms search out anti-virus and personal firewall applications and shut them down. Some of the variants also try to connect to a German Web site to download modifications to themselves. A backdoor is opened in the compromised computer so spam or other viruses can be sent without the owner's knowledge or consent.

When Bagle first hit the scene this winter, it caused a lot of problems. Variant after variant hit the wild when the worm author got into a spitting contest with the Netsky author. The worm war that ensued between the two created a disruptive series of attacks on the Net.
