 |  |  |  |  |  |  |  |
Bagel is back (again)
According to my Finnish friends, F-Secure, Bagle looks like it might be back in business. Not that it has ever really gone away of course, as it is one of the most prevalent of worm families.
F-Secure have noticed new activity during the last couple of days, which sees a number of old Bagle update URLs activated again. This time they are making a new executable available, which can be downloaded and executed by those machines already infected by previous variant. Of course, one thing never really changes and that is the payload, so expect to see spams containing infected attachments, this time with filenames that refer to price lists as an inducement to open them. Handily, the spam also comes complete with an image that illustrates the password required to decode the attached Zip archives.
What has changed is that Bagle.GO, as F-Secure has christened it, will use an SSDT rootkit in order to hide the fact that it has installed upon an infected system. As well as ensuring your AV system is up to date with signature files, you might want to keep an eye on firewall logs for any access to either www.bronko-m.ru or bpsbillboards.com which are used by Bagle.GO
The worrying thing is that given the number of unpatched systems out there, and given the number of Bagel variants, and given the number of machines therefore infected with it the coming of another Bagel driven spam wave is, well, a given…
F-Secure have noticed new activity during the last couple of days, which sees a number of old Bagle update URLs activated again. This time they are making a new executable available, which can be downloaded and executed by those machines already infected by previous variant. Of course, one thing never really changes and that is the payload, so expect to see spams containing infected attachments, this time with filenames that refer to price lists as an inducement to open them. Handily, the spam also comes complete with an image that illustrates the password required to decode the attached Zip archives.
What has changed is that Bagle.GO, as F-Secure has christened it, will use an SSDT rootkit in order to hide the fact that it has installed upon an infected system. As well as ensuring your AV system is up to date with signature files, you might want to keep an eye on firewall logs for any access to either www.bronko-m.ru or bpsbillboards.com which are used by Bagle.GO
The worrying thing is that given the number of unpatched systems out there, and given the number of Bagel variants, and given the number of machines therefore infected with it the coming of another Bagel driven spam wave is, well, a given…
Similar Threads
- Bagel virus/mixer/running games/antivirus software nonworkingness (Windows NT / 2000 / XP)
- Back to XP? (Windows Vista and Windows 7)
- I'm back!! (DaniWeb Community Feedback)
- Get submitted values when navigating back with browser back button (ASP.NET)
| Thread Tools | Search this Thread |
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for news, security, virus
advertising age amd android apple avatar bluegene botnet broadband browser business cellphone censorship china chips copyright crime data database development dos downloads economy email encryption energy enterprise europe facebook firefox games gaming google government hacker hacking hardware ibm ibm.news intelibm internet iphone ipod itunes law legal linux mac malware marketing medicine memory microsoft mobile mozilla music network news obama openoffice opensource os pc piracy porn privacy ps3 recession redhat report research russia search security sex socialnetworking software spam spyware sun supercomputer supercomputing survey technology trends trojan twitter ubuntu uk video virus vista web windows windows7 working worm x86 xbox youtube
