Two new versions of the venerable Bagle worm are on the loose, infecting PCs and opening backdoors as they go. The pair are virtually indistinguishable from one another and also are quite similar to most of the other Bagle variants. The main area of concern for enterprises is the fact that both Bagle.BC and Bagle.BD open a backdoor on TCP Port 81 on infected PCs. Both versions were discovered early Friday morning.
Both variants are capable of spreading through peer-to-peer networks, as well as via e-mail. Both arrive in e-mail messages with spoofed sending addresses and one of a handful of meaningless subject lines, such as "Re:" "Re: Hello" or "Re: Thank you." The bodies of both variants contain just a single emoticon, and the name of the virus-infected attachment is either "Price," "price" or "Joke." Once installed on a user's machine, the two variants try to download and execute a file from one of several dozen Web sites. And they both attempt to terminate a number of running security-related processes on the machine, according to an analysis of the worms by McAfee Inc., in Santa Clara, Calif.
News source: eWeek
1 Comment - Add comment