[ISN] Bagle commandeers PCs for zombie army

InfoSec News isn at c4i.org
Wed Jun 29 01:04:45 EDT 2005


By Joris Evers 
Staff Writer, CNET News.com
June 28, 2005

A new version of the Bagle virus is attempting to turn PCs into
zombies for use in cyberattack networks.

The variant surfaced over the weekend and was spammed to tens of
thousands of Internet users, Ero Carrera, a researcher at F-Secure,
said Tuesday. The antivirus software maker is calling the offshoot
Mitglieder.CN, but it is known by other names, such as Bagle.BQ or
Tooso.J, at other security companies.

The latest Bagle behaves in a similar way to its predecessors that
don't self-propagate. It arrives in an e-mail with a attachment. When
the file is executed, the malicious program tries to disable firewalls
and antivirus software. It then attempts to download and run a Trojan
horse that hijacks the infected PC for use as part of a botnet.

Botnets are groups of compromised PCs, often numbering in the
thousands per network, that are rented out to relay spam, to launch
denial-of-service attacks, or to perform other malicious acts.

"Compromised PCs could be used to send out new variants of Bagle," for
example, Carrera said.

Bagle has spawned at least 70 variants since the virus emerged in
January 2004. Some iterations have been more sophisticated than
others, blending mass-mailing and Trojan horse techniques.

Most antivirus companies updated their products over the weekend to
protect customers against the new virus. "It is not going to be a
major issue," Mikko Hypponen, director of research at F-Secure, said

Symantec rates the new variant a low risk because it has not spread
much. "Our rate of submissions is slowing down on that variant, so we
don't consider it to be a significant threat," a Symantec
representative said Monday.

More information about the ISN mailing list