Bagle-BK Worm Downloads Code

March 4, 2005
The Bagle-BK worm has grabbed the fourth-highest spot on eSecurityPlanet's list of Most Dangerous Malware.

The worm accounts for 5.2 percent of all malware traffic on the Internet, according to Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass.

Bagle-BK scans through an infected computer and sends itself out as an email attachment to any email addresses found. The subject line often reads "Delivery Service Mail" or "Delivery by Mail".

The variant also forges the sender's email address, uses its own emailing engine, downloads code from the Internet, and installs itself in the registry.

The variant is just one in the long line of the Bagle family of worms. The family got its malicious start early last year and then went quiet sometime in February. But last July, the family came alive again when a flurry of variants hit the wild.

"It just goes to prove that old tricks still work," said Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. "The variants are having good success in the wild and that's disturbing. After all this time, everybody knows about attachments and they know about security, but this worm is still spreading. That's disturbing."

The Bagle variants are mass-mailing worms that can also spread over file-sharing applications. They arrive with .exe, .ser and .zip files attached. Once they have a foothold in a computer, the worms search out anti-virus and personal firewall applications and shut them down. Some of the variants also try to connect to a German Web site to download modifications to themselves. A backdoor is opened in the compromised computer so spam or other viruses can be sent without the owner's knowledge or consent.

When Bagle first hit the scene this winter, it caused a lot of problems. Variant after variant hit the wild when the worm author got into a spitting contest with the Netsky author. The worm war that ensued between the two created a disruptive series of attacks on the Net.
