0

According to my Finnish friends, F-Secure, Bagle looks like it might be back in business. Not that it has ever really gone away of course, as it is one of the most prevalent of worm families.

F-Secure have noticed new activity during the last couple of days, which sees a number of old Bagle update URLs activated again. This time they are making a new executable available, which can be downloaded and executed by those machines already infected by previous variant. Of course, one thing never really changes and that is the payload, so expect to see spams containing infected attachments, this time with filenames that refer to price lists as an inducement to open them. Handily, the spam also comes complete with an image that illustrates the password required to decode the attached Zip archives.

What has changed is that Bagle.GO, as F-Secure has christened it, will use an SSDT rootkit in order to hide the fact that it has installed upon an infected system. As well as ensuring your AV system is up to date with signature files, you might want to keep an eye on firewall logs for any access to either www.bronko-m.ru or bpsbillboards.com which are used by Bagle.GO

The worrying thing is that given the number of unpatched systems out there, and given the number of Bagel variants, and given the number of machines therefore infected with it the coming of another Bagel driven spam wave is, well, a given…

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

1
Contributor
0
Replies
1
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.