By Robert Lemos, 27 April 2004 09:15
NEWS The author of the latest variant of the Bagle worm has gone beyond penning just a piece of code - the writer has also included a poem in the document attachment on which the worm piggybacks.
The malicious program, known as Bagle.Z, has not spread very quickly, said Vincent Gullotto, vice president of the antivirus emergency response team for McAfee.
"I don't anticipate this one to last long," he said, adding that the variant has had some initial success because the worm attaches itself to email in a control panel file, which is an executable not used by virus writers before. "It is not a file that most people would typically block, so it may penetrate into some environments."
The release of Bagle.Z is the latest in what appears to be a contest between the writers of two worms - Bagle and NetSky. A recent version of NetSky, or SkyNet, as the author calls it, included a promise by the writer to keep creating new versions as long as the creator of the Bagle worm keeps revising that program.
While there were at least six different versions of NetSky released in April, far fewer Bagle variants have been seen this month. Virus experts believe that the source code to the NetSky worm was leaked to the internet by the author, and so it is likely that no single author created all the variants.
Several version of the Bagle worm were released in March. However, the program has not spread widely. E-mail service company MessageLabs reports having seen a relatively small number--several hundred--of the worm's e-mail messages, the company said in an e-mail release.
The variant continues the trend of using a randomly chosen name from a list of words for the subject of the message and for the attachment that contains the program. Additionally, the worm uses a graphic of three cherries, similar to a winning result on a slot machine, as the icon for the executable attachment, said Network Associates, which is planning to change its name to McAfee.
The attachment also contains these four lines of text, which appear in all-capital letters:
Unique people make unique things That things stay beyond the normal life and common understanding The problem is that people don't understand such wild things, Like a man did never understand the wild life.
Attaching a poem to a virus is not a new technique. In the early 1980s, what is believed to be the first Apple II virus displayed a poem every 50th time the infected computer started up.
Robert Lemos writes for News.com
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below