NEWS Computer security experts fear a new worm - Bagle-A - which began spreading rapidly across Australian email overnight could be a rehearsal for a more concerted worldwide attack in coming weeks.
According to Daniel Zatz, security director for Computer Associates Australia, Bagle-A carries an expiry date, possibly indicating more robust versions of the worm could be slated for release soon - drawing comparison to the Sobig worm.
According to Zatz, while Bagle-A is already successful, responsible for an alarming 80 per cent jump in queries to CA's help desk and in virus submissions to rival computer security company Sophos, the current version of the worm contains bugs.
Comparing Bagle to the infamous Sobig virus which flooded global email networks last year, Zatz fears that a more virulent version of new worm could appear soon.
"One of our biggest concern is that if we look back a year ago at the Sobig variants, they all had drop-dead dates, and every time one hit that drop dead date a new variant came out; a new and improved variant of it," said Zatz.
Bagle-A is due to expire on the 28 January, suggesting tuned variations of the worm could appear as early next week.
Bagle-A's creators, like authors of many previous successful worms, have relied on the ignorance and curiosity of email users for the worm's success.
The worm arrives in email inboxes as a message containing few lines of text suggesting the email may be from system administrator, as well as an executable attachment. When the attachment is activated by its receiver the worm then installs a program on the recipient computer that allows the worm to be emailed on to other users in the system's local address book.
The worm also attempts to install a backdoor or Trojan on infected machines, listening for actvity on port on 6777.
Sean Richmond, support manager with anti-virus software vendor Sophos Australia and New Zealand, said the company was still examining the Trojan to see what else it is capable of.
Given that most corporate email servers block transmission of executable attachments, CA's Zatz believes that home and medium-sized enterprise users are responsible for spreading the new worm.
Zatz could give no other explanation for the worm's apparent success than "pure curiosity" on the users' part.
Andrew Colley writes for ZDNet Australia
Comments
There are 2 comments. Join the discussion
1. templar van-boek
well i think there bloody bastards.
2. Steve Kudlak
It seems like a test of something.
The Bagle viruses often have expiry
dates. What it seems to test is how
uninformed people are.
In theory everyone knows the whole lecture about not opening attachments.
They also know that virus message bodies
are often stupid with mispellings and
the like. But still they opened it.
Of course my neighbor is a well thought of medical professional. I walked through his system, checking for viruzes and malware and all that jazz. He asks how to use the "Clean Disk Facility" I tell him and give him many warnings about how he can get into trouble. I told him he should delete only temporary files and the like. I told him to leave alone anything he doesn't understand and that I would explain things later. Now his system won't boot and he admits he juswt deleted things right and left.
That look effort. Clicking on an intriguing looking calculator icon takes less than a second.
Have Fun,
Sends Steve