Sponsored By

Beware Bagel Worms Updating

One site, which belongs to a Slovakian real-estate firm, was sending out new editions of Bagle every 50 seconds, a security company warns.

Gregg Keizer

April 17, 2006

1 Min Read

A new round of Bagle worm updates are going out to already-infected PCs, a security company warned Monday, and although one site spewing out the new versions has been shut down, another has popped up.

One of the download sites monitored by PCs compromised by earlier Bagles went live Sunday, said Helsinki-based F-Secure. The site, which belongs to a Slovakian real estate firm, was sending out new editions of Bagle every 50 seconds, said F-Secure's chief research officer, Mikko Hypponen, on his company's blog.

Shortly after Hypponen's first entry, the download URL within the Slovakian site was taken offline (though the site as a whole remained online).

Ten hours later, however, the downloads resumed from a different page within a Benin news site. Hypponen said that efforts were underway to shut off the downloads from the West African country's site.

F-Secure dubbed the update as "SpamTool.Win32.Bagle.g," a variation of 2004's Bagle.g that's specifically designed to turn the compromised machine into a spam zombie, sending out junk mail to others without the computer's owner knowledge.

Over the more than two years of Bagle's lifespan, it has metamorphosed scores of times, and has become adept at eradicating competing worms and viruses, automatically updating itself to new and more malicious editions, and collecting large numbers of PCs into attacker-run botnets.

While some security firms fail to rank Bagle on their top ten lists -- U.K.-based Sophos, for instance, had no Bagle variations on March's -- others include Bagel. McAfee's new Threat Center, for instance, has a Bagle as the number 2 threat in its current Top Malware chart.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights