News

Bagle Comes Back

Bagle is back and security industry insiders say new developments with the mass-mailing worm will probably cause headaches for Windows administrators all summer.

Bagle first appeared in January and has been modified so many times that anti-virus firms are on their second trip through the alphabet in labeling the variants. Over the July 4 weekend, two new variants appeared, Bagle.AD and Bagle.AE.

Bagle is best known as one of the mass-mailing worms that accounts for much of the flood of e-mail with subject lines like Re: Document or Re: Thank You. With its backdoor opening capabilities, Bagle is believed to have been designed to create large networks of zombie machines for distributed denial of service attacks or for sending spam.

What is new in the latest variants is that they deposit a copy of Bagle's source code on infected boxes. The move is widely believed to be an effort by the Bagle author to hide his tracks (source code on your computer looks bad when the investigators come knocking). A MyDoom variant author did the same thing earlier this year. It happened with NetSky as well, although it may not have helped the alleged author. An 18-year-old was arrested in Germany and accused of writing Sasser earlier this year. The same person is suspected of writing NetSky, too.

The NetSky case could be of particular concern to Bagle's author, since the worm writers may have known each other. Bagle and NetSky each contained criticisms of the skills behind each other's code.

The Bagle source, written in assembly, shows sophistication on the part of the author. With the source code in hand, however, creating new variants enters the realm of the script kiddies' expertise. We may be able to look forward to a third pass around the alphabetical horn for the Bagle variants this summer.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.