Please support our Tech Talk advertiser:
Featured Entry 
Dec 2nd, 2006, 5:32 pm
According to my Finnish friends, F-Secure, Bagle looks like it might be back in business. Not that it has ever really gone away of course, as it is one of the most prevalent of worm families.
F-Secure have noticed new activity during the last couple of days, which sees a number of old Bagle update URLs activated again. This time they are making a new executable available, which can be downloaded and executed by those machines already infected by previous variant. Of course, one thing never really changes and that is the payload, so expect to see spams containing infected attachments, this time with filenames that refer to price lists as an inducement to open them. Handily, the spam also comes complete with an image that illustrates the password required to decode the attached Zip archives.
What has changed is that Bagle.GO, as F-Secure has christened it, will use an SSDT rootkit in order to hide the fact that it has installed upon an infected system. As well as ensuring your AV system is up to date with signature files, you might want to keep an eye on firewall logs for any access to either www.bronko-m.ru or bpsbillboards.com which are used by Bagle.GO
The worrying thing is that given the number of unpatched systems out there, and given the number of Bagel variants, and given the number of machines therefore infected with it the coming of another Bagel driven spam wave is, well, a given…
F-Secure have noticed new activity during the last couple of days, which sees a number of old Bagle update URLs activated again. This time they are making a new executable available, which can be downloaded and executed by those machines already infected by previous variant. Of course, one thing never really changes and that is the payload, so expect to see spams containing infected attachments, this time with filenames that refer to price lists as an inducement to open them. Handily, the spam also comes complete with an image that illustrates the password required to decode the attached Zip archives.
What has changed is that Bagle.GO, as F-Secure has christened it, will use an SSDT rootkit in order to hide the fact that it has installed upon an infected system. As well as ensuring your AV system is up to date with signature files, you might want to keep an eye on firewall logs for any access to either www.bronko-m.ru or bpsbillboards.com which are used by Bagle.GO
The worrying thing is that given the number of unpatched systems out there, and given the number of Bagel variants, and given the number of machines therefore infected with it the coming of another Bagel driven spam wave is, well, a given…
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 1,715 views, 0 comments, and 38 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Dec 2nd, 2006.
•
•
•
•
advertising apple botnet browser business crime data development email environment europe facebook firefox forensic gaming google hacking hardware help ibm internet iphone ipod law legal linux malware microsoft mobile mozilla news phishing privacy research search security social networking software spam survey technology trojan uk video virus vista web windows yahoo youtube
All Recent Tags Post Comment
•
•
•
•
Only community members can start a blog or comment on blog entries. You must register or log in to contribute.
•
•
•
•
•
•
•
•
DaniWeb Tech Talk Marketplace
Related Blog Entries
- UK ISPs agree to throttle illegal music file-sharers (3 Hours Ago)
- Intel To Focus on Devices, Again (9 Hours Ago)
- WikiGoogle or GooglePedia? Nope, it is Knol actually. (15 Hours Ago)
- 5-4-3-2-1 your website in infected (1 Day Ago)
- Botnets boost click-fraud rate (1 Day Ago)
- Apple ships 2.5 million Macs, sells 11 million iPods and 717,000 iPhones in just 3 months (2 Days Ago)
- Limbo 2 Trojan comes complete with guarantee of invisibility (3 Days Ago)
- More Dark Spots on Apple's MobileMe Migration (3 Days Ago)
- Power-Sipping PC Runs Linux (3 Days Ago)
- Fake UPS invoices deliver Pushdo botnet package (4 Days Ago)
Related Forum Threads
- problem with loop back (Networking Hardware Configuration)
- I am back (for now) (Geeks' Lounge)
- IE 6 keeps switching back to an earlier version (Web Browsers)
- TechTalk Styles back in business (DaniWeb Community Feedback)
- ThemeXP is back! (Windows NT / 2000 / XP / 2003)
- Meaningless pat on the back, but... (Geeks' Lounge)
