News

Bagle Comes Back

Bagle is back and security industry insiders say new developments with the mass-mailing worm will probably cause headaches for Windows administrators all summer.

Bagle first appeared in January and has been modified so many times that anti-virus firms are on their second trip through the alphabet in labeling the variants. Over the July 4 weekend, two new variants appeared, Bagle.AD and Bagle.AE.

Bagle is best known as one of the mass-mailing worms that accounts for much of the flood of e-mail with subject lines like Re: Document or Re: Thank You. With its backdoor opening capabilities, Bagle is believed to have been designed to create large networks of zombie machines for distributed denial of service attacks or for sending spam.

What is new in the latest variants is that they deposit a copy of Bagle's source code on infected boxes. The move is widely believed to be an effort by the Bagle author to hide his tracks (source code on your computer looks bad when the investigators come knocking). A MyDoom variant author did the same thing earlier this year. It happened with NetSky as well, although it may not have helped the alleged author. An 18-year-old was arrested in Germany and accused of writing Sasser earlier this year. The same person is suspected of writing NetSky, too.

The NetSky case could be of particular concern to Bagle's author, since the worm writers may have known each other. Bagle and NetSky each contained criticisms of the skills behind each other's code.

The Bagle source, written in assembly, shows sophistication on the part of the author. With the source code in hand, however, creating new variants enters the realm of the script kiddies' expertise. We may be able to look forward to a third pass around the alphabetical horn for the Bagle variants this summer.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Ransomware: What It Means for Your Database Servers

    Ransomware affects databases in very specific ways. Joey describes the mechanics of a SQL Server ransomware attack, what DBAs can do to protect their systems, and what security measures they should be advocating for.

  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.