Wednesday, September 22, 2021

New Wave of Bagle Worms Pounds Internet

A new wave of Bagle variants is pounding the Internet and appears to be

trying to build a zombie army, according to security analysts.

”They’re showing up in mass quantities,” says Steve Sundermeier, a vice

president for Medina, Ohio-based Central Command, an anti-virus and

anti-spam company. ”They’re dangerous… This particular author or

authors is building a Trojan army.”

The Bagle family of worms first hit the Internet back in January of 2004,

and waged battle with the author of the Netsky family during the Worm

Wars. But the flood of Bagle worms had slowed down in recent months…

until a day or two ago when they started coming in fast and furiously.

Wednesday morning alone saw eight different variants hit the Internet,

says Sundermeier. In the past few days, Central Command has added between

20 and 30 anti-virus updates or signatures for Bagle variants. However,

when you add in the updates issued for the Trojans that the worms are

trying to download, then they’ve issued a total of 50 or 60 signatures.

Analysts at Sophos, Inc., an anti-virus and anti-spam company with U.S.

headquarters in Lynnfield, Mass., report that an attack spread across the

Internet between 11 a.m. and 7 p.m. EST yesterday and a new attack began

Wednesday morning at 11 a.m.

The variants are being spammed out to computers around the world in

emails with malicious attachments. They are not mass-mailing worms which

can spread themselves. This is all being done by spam, analysts say. Once

a user clicks on the attachment, which is a zip file named price or

newprice, the worm shuts down key security features, like anti-virus

software and firewalls, and then it attempts to download a Trojan horse.

Ken Dunham, a senior engineer for VeriSign iDefense Inteligence based in

Mountain View, Calif., says the variants are being ”aggressively

seeded” in the wild. He adds that the advantage of spamming the variants

out means they instantly are widespread, increasing the chances of people

opening them and infecting their machines.

Patrick Hinojosa, CTO at Panda Software U.S., an anti-virus and intrusion

prevention company with U.S. headquarters in Glendale, Calif., says he

believes various hackers are using the basic Bagle code to build their

own variants — and they’re all trying to make money off of it.

”This is just the opening salvo,” says Hinojosa. ”Its whole purpose is

to create a zombie army… Spammers need machines to use so their work

isn’t being traced back to them. Phishers need anonymous computers that

can’t be traced back to them.

”They’re creating this army because someone has already placed an order

for these machines or they’re looking to sell these machines to a spammer

or phisher, most likely. We see this far too often these days.”

Similar articles

Latest Articles