New mass-mailing worms found in the wild

Waking up to fresh bagels is a good thing, but when it is spelled 'bagle' it could mean headaches for systems administrators.

European antivirus organizations have reported finding new variants of the Bagle worm in the wild overnight. It is not clear how quickly they are spreading, but they appear to be heavily seeded. Analysts at Moscow-based Kaspersky Labs estimate that several million copies of the worms have been sent.

BitDefender Labs of Bucharest, Romania, called the new worm it discovered a 'classic mass mailer, in no way dissimilar to its predecessors.'

Both companies have updated antivirus signatures for the worms.

Three variants have cropped up, dubbed, and Bagle.AX. All carry similar payloads, which install e-mail proxy servers and back doors.

The subject line in copies found so far begins with 'Re:' and is followed by 'Hello,' 'Thank you,' 'Hi,' or 'Thanks :).' Sometimes the remainder of the line is blank.

The payload is in an attachment, usually named 'price' or 'joke,' with a .com, .exe, .cpl or .scr extension.
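The subject and attachment traits reported above can be turned into a simple mail triage check. This is an added example, not code from the article or from either antivirus vendor; the function names, the case-insensitive matching and the constructed sample messages are assumptions.

```python
import os
import re
from email.message import EmailMessage

# "Re:" then one of the reported greetings, or nothing. Assumption: the commas
# in the article's list are punctuation, so a trailing comma is optional here.
SUBJECT_RE = re.compile(r"^Re:\s*(?:(?:Hello|Thank you|Hi),?|Thanks :\))?\s*$", re.I)
NAMES = {"price", "joke"}                     # "usually" used, per the article
EXTS = {".com", ".exe", ".cpl", ".scr"}       # reported extensions

def triage(msg):
    """Return 'bagle-pattern', 'risky-attachment' or 'clean' for a message."""
    subject_hit = bool(SUBJECT_RE.match((msg.get("Subject") or "").strip()))
    verdict = "clean"
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        stem, ext = os.path.splitext(filename.strip().lower())
        if ext not in EXTS:
            continue
        if subject_hit and stem in NAMES:
            return "bagle-pattern"            # subject and attachment both match
        verdict = "risky-attachment"          # executable type, pattern incomplete
    return verdict

def build_sample(subject, filename):
    """Constructed test message; the attachment is inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    for subj, name in [("Re: Hello", "price.exe"), ("Re:", "Joke.scr"),
                       ("Quarterly numbers", "setup.exe"), ("Re: Hi", "notes.txt")]:
        print(f"{subj!r:22} {name!r:12} -> {triage(build_sample(subj, name))}")
```

Because the article says the attachment is only "usually" named 'price' or 'joke', the check still flags any attachment with one of the four extensions as risky even when the name or subject differs.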

The worms scan infected machines for e-mail addresses and mail copies of themselves. The .AU and .AT versions also open TCP port 81. The .AX version can also spread over peer-to-peer connections.

About the Author

William Jackson is a Maryland-based freelance writer.
