Bagel is back (again)
Please support our Hardware and Software advertiser: Programming Forums
Dec 2nd, 2006, 5:32 pm
According to my Finnish friends, F-Secure, Bagle looks like it might be back in business. Not that it has ever really gone away of course, as it is one of the most prevalent of worm families.
F-Secure have noticed new activity during the last couple of days, which sees a number of old Bagle update URLs activated again. This time they are making a new executable available, which can be downloaded and executed by those machines already infected by previous variant. Of course, one thing never really changes and that is the payload, so expect to see spams containing infected attachments, this time with filenames that refer to price lists as an inducement to open them. Handily, the spam also comes complete with an image that illustrates the password required to decode the attached Zip archives.
What has changed is that Bagle.GO, as F-Secure has christened it, will use an SSDT rootkit in order to hide the fact that it has installed upon an infected system. As well as ensuring your AV system is up to date with signature files, you might want to keep an eye on firewall logs for any access to either www.bronko-m.ru or bpsbillboards.com which are used by Bagle.GO
The worrying thing is that given the number of unpatched systems out there, and given the number of Bagel variants, and given the number of machines therefore infected with it the coming of another Bagel driven spam wave is, well, a given…
F-Secure have noticed new activity during the last couple of days, which sees a number of old Bagle update URLs activated again. This time they are making a new executable available, which can be downloaded and executed by those machines already infected by previous variant. Of course, one thing never really changes and that is the payload, so expect to see spams containing infected attachments, this time with filenames that refer to price lists as an inducement to open them. Handily, the spam also comes complete with an image that illustrates the password required to decode the attached Zip archives.
What has changed is that Bagle.GO, as F-Secure has christened it, will use an SSDT rootkit in order to hide the fact that it has installed upon an infected system. As well as ensuring your AV system is up to date with signature files, you might want to keep an eye on firewall logs for any access to either www.bronko-m.ru or bpsbillboards.com which are used by Bagle.GO
The worrying thing is that given the number of unpatched systems out there, and given the number of Bagel variants, and given the number of machines therefore infected with it the coming of another Bagel driven spam wave is, well, a given…
•
•
•
•
This blog entry was written by Davey Winder, staff writer aka happygeek. It has been filed under the Hardware and Software category. It has received 2,421 views, 0 comment(s), and 38 linkbacks. It was promoted to featured news status Dec 2nd, 2006.
Related Blog Entries
- Yahoo Announces 'Green' Data Center Powered by Niagara Falls (1 Day Ago)
- Neverland is Your Virtual Linux Playground (1 Day Ago)
- Pink iPhone 3GS is hot stuff (2 Days Ago)
- Sarah Palin Hacked Off (3 Days Ago)
- Divorce Attorneys Using Social Media to Find Evidence (3 Days Ago)
Related Forum Threads
- problem with loop back (Networking Hardware Configuration)
- I am back (for now) (Geeks' Lounge)
- IE 6 keeps switching back to an earlier version (Web Browsers)
- TechTalk Styles back in business (DaniWeb Community Feedback)
- ThemeXP is back! (Windows NT / 2000 / XP / 2003)
- Meaningless pat on the back, but... (Geeks' Lounge)