To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39131478,00.htm

Virus warning: Bite the Bagle and become a zombie
Trojan menace recruits for botnets...

By Joris Evers

Published: Wednesday 29 June 2005

A new version of the Bagle virus is attempting to turn PCs into zombies for use in cyber attack networks.

The variant surfaced over the weekend and was spammed to tens of thousands of internet users, according to Ero Carrera, a researcher at F-Secure. The antivirus software maker is calling the offshoot Mitglieder.CN but it is known by other names, such as Bagle.BQ or Tooso.J, at other security companies.

The latest Bagle behaves in a similar way to its non-self-propagating predecessors. It arrives in an email with an attachment. When the file is executed, the malicious program tries to disable firewalls and antivirus software. It then attempts to download and run a Trojan that hijacks the infected PC for use as part of a botnet.

Botnets are groups of compromised PCs, often numbering in the thousands per network, that are rented out to relay spam, launch denial-of-service attacks, or perform other malicious acts.

Carrera said, for example: "Compromised PCs could be used to send out new variants of Bagle."

Bagle has spawned at least 70 variants since the virus emerged in January 2004. Some iterations have been more sophisticated than others, blending mass-mailing and Trojan horse techniques.

Most antivirus companies updated their products over the weekend to protect customers against the new virus. Mikko Hypponen, director of research at F-Secure, said: "It is not going to be a major issue."

Symantec rates the new variant a low risk because it has not spread much. A Symantec representative said: "Our rate of submissions is slowing down on that variant, so we don't consider it to be a significant threat."

Joris Evers writes for CNET News.com