Information Security Bulletin

ALERT: New Bagle Downloader Spreading Fast

31 May 06:02

MessageLabs is warning computer users to be on their guard against a new variant of the Bagle downloader. MessageLabs has intercepted almost 70,000 copies already. The first copy was intercepted today at 13:24 GMT. 45,769 copies have been stopped in the last hour (1400-1500 GMT). The virus appears to have originated from a Yahoo group.

The as yet unnamed Bagle downloader variant drops a trojan that attempts to download Bagle from a vast list of locations. Computer users who activate the file attached in the email invoke the virus, which harvests email addresses it finds on the computer's hard drive. The virus then forwards itself onto the list of email addresses it has discovered in infected computer.

Email characteristics:

Subject lines: Empty
Body Text: Empty

Once activated, the Bagle downloader variant drops a copy of an executable file onto infected computers, which in turn polls a vast list of URLs for the availability of a new mass-mailing component.

Related links: (Open in a new window.)
www.messagelabs.com/intelligence

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe? Download a free sample copy!

Download the much quoted October Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

Subscribe Online
About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Security Management
The Importance of Adaptability
Steve Purser

From the Trenches
Reversing Perimeter Defences – a Case Study
Søren Maigaard

Security Architectures
The Self Defending Network: New Trends In ICT Security Infrastructures
Drs. Ing. René Pluis

Subscribe Online!