Two new Bagle worms send security firms rushing to release updated signatures and prompting most to up their alert levels to "medium" for the first time this year.
Two new versions of the Bagle worm appeared late Wednesday and early Thursday, sending security firms rushing to release updated signatures and prompting most to up their alert levels to "medium" for the first time this year.
"So far 2005 has been fairly quiet in terms of brand new virus outbreaks," said Graham Cluley, a senior technology consultant for Sophos in a statement. "And if everyone applied computer security common sense it would help keep it that way."
The newest variations -- which because of the large number of Bagles sport a bewildering array of names depending on the anti-virus vendor -- are relatively standard copies of the long-running worm family. Bagle.ax and Bagle.ay (the two most common monikers for the worms) come disguised as e-mail delivery error messages to entice users to open the attached file, spread via peer-to-peer and network file sharing, disable numerous anti-virus and firewall products (including Windows XP SP2's Security Center and that OS's on-by-default firewall), and retrieve a backdoor component from one of a large number of remote Web servers.
Vendors such as McAfee, Panda Software, Trend Micro, and F-Secure bumped up their alert ratings Thursday to "medium" because of the worms' quick spread. This is the first time, for instance, that either McAfee or Trend Micro have assigned that ranking to a worm or virus in 2005.
According to Trend Micro's analysis, the newest of the two, Bagle.ay, also opens TCP port 81 to listen for commands from the attacker, and -- believe it or not -- still takes pot shots at 2004's Netsky worm.
Nearly a year ago, the Netsky and Bagle authors played a tit-for-tat game where each new version of their worms tried to eradicate the other. Bagle.ay keeps up the habit by deleting several Windows registry keys that Netsky plants, and preventing future Netsky infections from running.
By mid-morning Thursday (PT) all the major anti-virus firms have posted virus signature updates to take into account both Bagles.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?