
Bagle Worms



Researchers have discovered two new variants of the notorious BAGLE family of worms. Although WORM_BAGLE.BQ and WORM_BAGLE.BS have not caused a high number of infections, they are utilizing a relatively new technique – adding a downloader between the Trojan and worm components as part of a “tri-component” technique – which enables a far more dynamic spreading mechanism and a higher potential for damage. Although security experts first saw this technique in mid-September with a series of other BAGLE variants, its re-emergence suggests that this could become more prominent – and destructive – in the future.


According to Jamz Yaneza, Senior Research Engineer at Trend Micro, the URLs to which the code points are continuously changing to prevent the downloader from being detected. “At times they appear to be down, then they are brought back up again. This appears to give the author enough time to repack the code, thereby modifying the identifying file,” he said.


Security experts warn that these new variants could possibly mark the beginning of a concerning trend. A future variant with a slightly better refined propagation technique – including the use of a packer with polymorphic capabilities and utilizing an established Bot network – could lead to a significant number of infections.


Thanks for the heads-up, Curtis. Some people just don't have anything better to do with their lives, I guess!


This serves as a good reminder to make sure your anti-virus software is up to date. (Steve runs off to verify his Norton install is current.)

