Bagle Comes Back

Bagle is back and security industry insiders say new developments with the mass-mailing worm will probably cause headaches for Windows administrators all summer.

Bagle first appeared in January and has been modified so many times that anti-virus firms are on their second trip through the alphabet in labeling the variants. Over the July 4 weekend, two new variants appeared, Bagle.AD and Bagle.AE.

Bagle is best known as one of the mass-mailing worms behind much of the flood of e-mail with subject lines like "Re: Document" or "Re: Thank You". Because it also opens a backdoor on infected machines, Bagle is believed to have been designed to build large networks of zombie machines for distributed denial-of-service attacks or for sending spam.

What is new in the latest variants is that they deposit a copy of Bagle's source code on every infected box. The move is widely believed to be an effort by the Bagle author to hide his tracks: a copy of the source on your own computer looks bad when investigators come knocking, but it proves little once the same source sits on thousands of infected machines. A MyDoom variant author did the same thing earlier this year. It happened with NetSky as well, although it may not have helped the alleged author. An 18-year-old was arrested in Germany earlier this year and accused of writing Sasser, and the same person is suspected of writing NetSky.

The NetSky case could be of particular concern to Bagle's author, since the two worm writers may have known each other. Bagle and NetSky variants each carried messages disparaging the coding skills of the other's author.

The Bagle source, written in assembly, shows sophistication on the part of the author. With the source code in hand, however, creating new variants no longer requires that level of skill; recompiling the worm with a few changes is well within the reach of script kiddies, and each such change can be enough to slip past signatures for the existing variants. We may be able to look forward to a third pass around the alphabetical horn for the Bagle variants this summer.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
