By Will Sturgeon, 18 February 2004 16:30
NEWS Antivirus vendors worldwide have updated their warnings regarding Bagle.B to the highest levels, as the variant outstrips the performance of its predecessor.
But it's the sucker punch that may be delivered by a new arrival on the horizon - Netsky - that could really hit networks hard while administrators are all distracted by the Bagle variant.
F-Secure, Sophos and MessageLabs all upgraded Bagle.B to their highest alert level overnight, after the worm started to spread yesterday.
MessageLabs has so far stopped 92,000 instances of Bagel.B across 66 different countries, after it was first detected in Poland.
But while admins are fighting to safeguard their networks against Bagle.B, they may be leaving themselves open to a far more serious threat in the shape of Netsky, which shows signs of spreading at a similar rate.
While Bagle.B has outperformed expectations based on the simplicity of its programming, Carole Theriault, a security consultant at Sophos, believes the mass-mailing Netsky poses a greater threat.
"Netsky has a variety of subject lines, message text and attachments, making it more like Klez or MyDoom," said Theriault. The virus attachment also has double extensions - which thinly disguises its actual nature. While this is hardly rocket science, it is still more deceptive than the obvious .exe extension.
The virus also copies itself to shared folders - often taking a file name of a sexual nature - meaning it poses a risk to users swapping pornography via peer-to-peer services and network shares.
"I'm actually surprised that people are still clicking on the Bagle virus despite all the media and press attention," said Theriault. "But the added complexity of Netsky means it may well still catch out a lot of people."
"I'd be very surprised if it doesn't turn out to be worse than [the first] Bagle," she warned.
As ever, the advice in both instances is simple. Do not open files that you cannot vouch for and don't necessarily trust an email just because it comes from a known contact.
Comments
There are 5 comments. Join the discussion
1. Bob
Shout it from the rooftops people...
DONT CLICK EXECUTABLE ATTACHMENTS!!!
2. Chuka Madu
I simply wish to register my thanks for your enlightenment. I would still ask if you have told us all we need to know about this dreaded virus. Further enlightenment may be urgently required.
Thanks again.
3. anonymous
"I'm actually surprised that people are still clicking on the Bagle virus despite all the media and press attention," said Theriault. "But the added complexity of Netsky means it may well still catch out a lot of people."
Well then I guess she's never dealt with end users has she?
4. anonymous
In the last 12 years I have used Macs every day and I have never found a virus.
However, I have just spent the whole morning removing virus infected files from the single PC in our studio. Not the first time this has happened. It's a pain. Everything about PC's is a pain. Why don't we all just stop using them?
I blame the programmers. If we could get Solid Works for Macintosh that PC would be where it belongs - on the tip.
5. Jacob Allred
In the last 12 years I have used Macs every day and I have never found a virus.
Why would anyone bother writing a virus for a computer with such a low market share? If anyone threw out their Windows machines as you suggested in your post, then obviously whatever OS took Windows place would become virus infested.