1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

A new Internet worm that spread by e-mail

Discussion in 'Virus & Other Malware Removal' started by prospect, Jan 20, 2004.

Thread Status:
Not open for further replies.
  1. prospect

    prospect Thread Starter

    Jun 13, 2002
    By Brian Krebs
    Special to The Washington Post
    Tuesday, January 20, 2004; Page E05

    A new Internet worm that spread by e-mail through Asia, Australia and Europe began appearing in U.S. in-boxes yesterday, and experts warned it could spread as people go back to work after the Martin Luther King Jr. holiday.

    The "Bagle" or "Beagle" worm arrives as an attachment to an e-mail with the subject line "Hi" and "test : )" in the body text. The worm is activated when a user clicks on the attached file.

    Once the attachment is opened, the worm tries to send copies of itself to all of the e-mail addresses that it finds on the victim's computer, faking the return address with one randomly generated from those on the infected PC. It also installs a program that lets attackers connect to infected machines, install malicious software or steal files.

    The worm could be the precursor to more evolved versions that could wreak havoc with small businesses and home Internet users, computer security experts said.

    Carey Nachenberg, chief architect of Symantec Research Labs in Cupertino, Calif., said he expects the worm to continue its rapid spread as more Americans begin sorting through the e-mail that piled up in their in-boxes over the three-day weekend.

    "This is coming on hard and fast, and that's usually a bad sign going into a shortened work week," Nachenberg said.

    Bagle has spread to computers in more than 100 countries, according to MessageLabs, an e-mail security company in New York City.

    FBI officials did not return telephone calls seeking comment on whether law enforcement authorities are investigating the worm's origins.

    Bagle also tries to download an unknown program from one of more than 30 Web sites located mostly in Germany and Russia. None of those Web sites was reachable as of Monday afternoon.

    A German Internet service provider that hosted one of the Web sites recorded nearly 1 million Internet addresses trying to connect to the site within a 24-hour period, indicating that as many as a million computers have been infected so far, said Tony Magallanez, a systems engineer for F-Secure Inc. in San Jose, Calif.

    Magallanez said Bagle might be laying the groundwork for an updated version of the worm.

    This is what happened with "Sobig," a worm that infected millions of PCs last year. The first version of Sobig appeared in January 2003, with new variants following soon after each previous version shut itself down. Sobig used entry points installed from previous versions of itself to seed hundreds of thousands of computers with software that turned them into remotely controlled spamming machines. Security experts said that Bagle is not spreading as fast as the Sobig virus, though it has generated a high volume of e-mail.

    Like the earlier worms, Bagle does not affect Macs or computers running the Linux and Unix operating systems.

    The computer security community recommends that home computer owners never click on attachments unless they are expecting them from a trusted source. They also recommend that PC owners install and run up-to-date anti-virus programs to scan for computer infections.

    Brian Krebs is a reporter for washingtonpost.com.
  2. IMM

    IMM Malware Specialist

    Feb 1, 2002
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/197165

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice