Posted

Researchers have discovered two new variants of the notorious BAGLE family of worms. Although WORM_BAGLE.BQ and WORM_BAGLE.BS have not caused a high number of infections, they are utilizing a relatively new technique – adding a downloader between the Trojan and worm components as part of a “tri-component” technique – which enables a far more dynamic spreading mechanism and a higher potential for damage. Although security experts first saw this technique in mid-September with a series of other BAGLE variants, its re-emergence suggests that this could become more prominent – and destructive – in the future.

 

According to Jamz Yaneza, Senior Research Engineer at Trend Micro, the URLs to which the code points are continuously changing to prevent the downloader from being detected. “At times they appear to be down, then they are brought back up again. This appears to give the author enough time to repack the code, thereby modifying the identifying file,” he said.

 

Security experts warn that these new variants could possibly mark the beginning of a concerning trend. A future variant with a slightly better refined propagation technique – including the use of a packer with polymorphic capabilities and utilizing an established Bot network – could lead to a significant number of infections.

Posted

Thanks for the heads up Curtis. Some people just don't have anything better to do with their lives I guess!

 

This serves as a good reminder to make sure your anti-virus software is up to date. (Steve runs off to verify his Norton install is current.)
