Bagle Trickier Than First Thought - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Bagle Trickier Than First Thought

Security firms offer more detailed accounts of a massive spam-based attack of Bagle-like Trojan horses.

After a day's analysis, security firms offered more details about Tuesday's massive spam-based attack of Bagle-like Trojan horses.

The assault was begun by, at most, two to four worms, not more than a dozen different Trojan horses as some suspected, security firm F-Secure said Wednesday.

"There are at least two new variants of the Bagle worm going around," said F-Secure in an online advisory. "One feature of these new variants is to use infected computers to seed out e-mails, with the downloader program as an attachment. So in addition of sending out e-mails with the virus, they send out e-mails with a downloader which won't spread further. Lots of them."

The "downloader" F-Secure mentioned is the Trojan horse (actually, horses, since there were at least four different versions of that.)

In other words, the new Bagles -- Symantec IDed four, and named them,,, and -- were seeded first. Once they infected a system, the worms then used their own SMTP mailing engine to spam out copies of the non-replicating Trojans. If those were successful in infecting a PC, they in turn tried to connect with a remote site -- which was shut down mid-day Tuesday -- to pull e-mail addresses to spam more computers.

That, said F-Secure, was another way that this latest attack differed from previous Bagle campaigns.

"These new Bagle variants are using a client/server architecture to spread," the company said in its advisory. "Normally Bagle variants search the local hard drive to find e-mail addresses to send itself to. [But] these new variants connect to a back-end server [that] then returns 50 unique email addresses that it generates using directory harvest techniques."

No new Bagle variants had been spotted as of mid-morning Wednesday (PST).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
The State of Chatbots: Pandemic Edition
Jessica Davis, Senior Editor, Enterprise Apps,  9/10/2020
Deloitte on Cloud, the Edge, and Enterprise Expectations
Joao-Pierre S. Ruth, Senior Writer,  9/14/2020
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll