Bagle Comes Back

Bagle is back and security industry insiders say new developments with the mass-mailing worm will probably cause headaches for Windows administrators all summer.

Bagle first appeared in January and has been modified so many times that anti-virus firms are on their second trip through the alphabet in labeling the variants. Over the July 4 weekend, two new variants appeared, Bagle.AD and Bagle.AE.

Bagle is best known as one of the mass-mailing worms that account for much of the flood of e-mail with subject lines like "Re: Document" or "Re: Thank You". With its backdoor-opening capabilities, Bagle is believed to have been designed to create large networks of zombie machines for distributed denial of service attacks or for sending spam.

What is new in the latest variants is that they deposit a copy of Bagle's source code on infected boxes. The move is widely believed to be an effort by the Bagle author to hide his tracks (source code on your computer looks bad when the investigators come knocking). A MyDoom variant author did the same thing earlier this year. It happened with NetSky as well, although it may not have helped the alleged author. An 18-year-old was arrested in Germany and accused of writing Sasser earlier this year. The same person is suspected of writing NetSky, too.

The NetSky case could be of particular concern to Bagle's author, since the worm writers may have known each other. Bagle and NetSky each contained criticisms of the skills behind each other's code.

The Bagle source, written in assembly, shows sophistication on the part of the author. With the source code in hand, however, creating new variants enters the realm of the script kiddies' expertise. We may be able to look forward to a third pass around the alphabetical horn for the Bagle variants this summer.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
