B
Baphomet
Guest
http://www.nytimes.com/cnet/CNET_2100-7349_3-5143115.html?th
New Internet Virus Spreads Fast, but Experts Debate Risk
January 19, 2004
Andrew Colley, Staff Writer, CNET News.com
Computer security experts fear a new worm that began
spreading rapidly across Australian e-mail networks on
Sunday could be a rehearsal for a more concerted attack in
coming weeks.
The worm--dubbed Bagle-A--carries an expiry date, possibly
indicating more robust versions of the worm could be slated
for release soon, said Daniel Zatz, security director for
Computer Associates Australia.
While Bagle-A is already successful--responsible for an 80
percent increase in queries to CA's help desk and in virus
submissions to rival computer security company Sophos--the
current version of the worm contains bugs, Zatz said.
Comparing Bagle to the infamous Sobig virus that flooded
global e-mail networks last year, Zatz fears that a more
virulent version of new worm could appear soon.
"One of our biggest concern is that if we look back a year
ago at the Sobig variants, they all had drop-dead dates,
and every time one hit that drop dead date a new variant
came out; a new and improved variant of it," Zatz said.
Bagle-A is due to expire Jan. 28, suggesting tuned
variations of the worm could appear as early next week.
Bagle-A's creators, like authors of many previous
successful worms, have relied on the ignorance and
curiosity of e-mail users for the worm's success.
The worm arrives in e-mail inboxes as a message containing
few lines of text suggesting the e-mail may be from system
administrator, as well as an executable attachment. When
the attachment is activated by its receiver the worm then
installs a program on the recipient computer that allows
the worm to be e-mailed on to other users in the system's
local address book.
The worm also attempts to install a backdoor or Trojan on
infected machines, listening for activity on port on 6777.
Sean Richmond, support manager with anti-virus software
vendor Sophos Australia and New Zealand, said the company
was still examining the Trojan to see what else it was
capable of.
Given that most corporate email servers block transmission
of executable attachments, CA's Zatz believes that home and
medium-sized enterprise users are responsible for spreading
the new worm.
Another possible factor in the worm's success, Zatz said,
was the fact the worm's creators programmed the worm to
e-mail itself to handful of popular domains to evade swift
detection by dominant Web enterprises such as Hotmail, MSN
and a large Russian computer security agency.
Users who suspect their computers may be infected with the
virus should look for a file called bbeagle.exe in their
Windows System directory. The file disguises itself with
Microsoft familiar calculator icon.
New Internet Virus Spreads Fast, but Experts Debate Risk
January 19, 2004
Andrew Colley, Staff Writer, CNET News.com
Computer security experts fear a new worm that began
spreading rapidly across Australian e-mail networks on
Sunday could be a rehearsal for a more concerted attack in
coming weeks.
The worm--dubbed Bagle-A--carries an expiry date, possibly
indicating more robust versions of the worm could be slated
for release soon, said Daniel Zatz, security director for
Computer Associates Australia.
While Bagle-A is already successful--responsible for an 80
percent increase in queries to CA's help desk and in virus
submissions to rival computer security company Sophos--the
current version of the worm contains bugs, Zatz said.
Comparing Bagle to the infamous Sobig virus that flooded
global e-mail networks last year, Zatz fears that a more
virulent version of new worm could appear soon.
"One of our biggest concern is that if we look back a year
ago at the Sobig variants, they all had drop-dead dates,
and every time one hit that drop dead date a new variant
came out; a new and improved variant of it," Zatz said.
Bagle-A is due to expire Jan. 28, suggesting tuned
variations of the worm could appear as early next week.
Bagle-A's creators, like authors of many previous
successful worms, have relied on the ignorance and
curiosity of e-mail users for the worm's success.
The worm arrives in e-mail inboxes as a message containing
few lines of text suggesting the e-mail may be from system
administrator, as well as an executable attachment. When
the attachment is activated by its receiver the worm then
installs a program on the recipient computer that allows
the worm to be e-mailed on to other users in the system's
local address book.
The worm also attempts to install a backdoor or Trojan on
infected machines, listening for activity on port on 6777.
Sean Richmond, support manager with anti-virus software
vendor Sophos Australia and New Zealand, said the company
was still examining the Trojan to see what else it was
capable of.
Given that most corporate email servers block transmission
of executable attachments, CA's Zatz believes that home and
medium-sized enterprise users are responsible for spreading
the new worm.
Another possible factor in the worm's success, Zatz said,
was the fact the worm's creators programmed the worm to
e-mail itself to handful of popular domains to evade swift
detection by dominant Web enterprises such as Hotmail, MSN
and a large Russian computer security agency.
Users who suspect their computers may be infected with the
virus should look for a file called bbeagle.exe in their
Windows System directory. The file disguises itself with
Microsoft familiar calculator icon.
