Bagle Bullies Users Into Infections

A variant of the long-running Bagle worm appeared Wednesday, and tried to bully people into installing its payload. (Courtesy: TechWeb)

March 2, 2006

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

A new variant of the long-running Bagle worm appeared Wednesday, and tried to bully people into installing the payload by threatening to report them to the police.

Dubbed Bagle.dw by Symantec, the worm arrives as an executable file attached to messages with subject heads that range from "You are a criminal and will be busted!" to "You steal from innocent people."

Recipients who bite on the bait and launch the file will have their PC infected with a backdoor component and their security settings lowered. The worm also tries to download unspecified files from a large number of Web sites, then remotely run those files.

One of the three message permutations reads like a ransom note from a 20-something:

"Dude, I found your email from whois info of a web page that was used in spam and illigal [sic] activity, please do something or you will be sued and busted.Was very dumb to leave your email, a**hole! P.S Attached file is self-exatracting [sic] archive with information about your criminal activity."Symantec rated Bagle.dw as a "2" in its 1 through 5 threat ranking system, but said that it had been widely distributed by a spam-style mass mailing.

In other malicious code news, U.K.-based security company Sophos announced Thursday that during February, about 1 in every 90 e-mails contained a virus, Trojan, or worm. During the month, Sophos also said, two Bagle variations made its Top 10, including one that debuted early in the month, and a much older version from 2004 which made an unexpected comeback.

"Businesses and individuals without computer protection in place are living in cloud-cuckoo-land," said Carole Theriault, Sophos senior security consultant, in a statement. "These worms can wreak havoc on a network but are easily controlled if an effective security policy is in place."

Read more about:

2006
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights