New mass-mailing worm on the creep

Some administrators returning to work today after a three-day weekend are finding an unwelcome bagel waiting for them. A new mass-mailing worm, known as W32/Bagel-A or just Bagel.A, began spreading rapidly over the weekend in Europe.

Security experts predicted that the rate of infection could increase Tuesday as the workweek resumed in America after the Martin Luther King holiday.

According to iDefense Inc. of Reston, Va., Bagel.A began spreading late Sunday and by early Monday morning more than 50,000 interceptions had been made.

The worm contains the subject 'Hi' and the message text reads 'Test+)'.

'There's nothing particularly enticing about the message sent out by Bagel, yet it spreads with very good success in the wild,' said Ken Dunham, director of malicious code at iDefense. 'It appears that being brief and saying little, even if the content is vague and scarce, is a highly effective method for spreading malicious code.'

Bagel also contains a spoofed 'from' address and a 15.87K executable attachment with a random file name. When executed, the attachment attempts to create the file BBEAGLE.EXE in the Microsoft Windows System directory, disguising itself with the Microsoft calculator icon. It mass-mails itself to addresses harvested from the compromised computer and attempts to communicate via Port 6667 with a list of URLs.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • cloud migration (deepadesigns/Shutterstock.com)

    What agencies can learn from the Army’s complicated move to the cloud

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group