• silicon.com
• Technology
• Security

By Robert Lemos, 16 July 2004 09:35

NEWS Unknown online vandals with an apparent connection to spam email have created a new version of the Bagle computer worm that has spread somewhat successfully in the past 24 hours, according to antivirus companies.

The mass-mailing computer virus, dubbed Bagle.AF or Beagle.AB by different security firms, opens a path for intruders to relay bulk email messages through the infected computer and attempts to contact one of almost 150 compromised German websites to let the attackers known of their latest conquest.

Oliver Friedrichs, senior manager for antivirus firm Symantec's security response center, said: "It certainly is successful. It is definitely comparable to threats that we saw earlier this year such as MyDoom."

Symantec raised the virus to a threat rating of three on its five-point scale, while rival antivirus firm McAfee - formerly Network Associates - gave the program a medium danger rating.

The latest incarnation of the Bagle virus is largely a copy of previous versions of the program, Friedrichs said. The first worm in the Bagle line started infecting computers in January.

Bagle.AF arrives in email as an attached file and infects computers running the Windows operating system if the user opens the file. The program attempts to halt more than 250 security applications from running on the computer, mails itself to any email address it can find on the computer, and contacts one of 141 German websites, twice the number that a previous version of the virus contacted. The diverse websites have likely been compromised by online vandals, leaving behind software to record which computers have been infected by the Bagle worm.

With that information, the vandals can use the compromised computers to spread spam, or sell the information to spammers, Friedrichs said. The virus leaves open a backdoor specifically for that purpose.

Increasingly, computer viruses are used to spread software that surreptitiously converts computers to an attacker's purpose. Such "bot" software can be used by spammers and more dangerous online denizens to disrupt access to websites or collect personal financial information.

And while the latest Bagle worm uses an old method of spreading itself, it's still effective. Symantec has had almost 175 reports of infections, Friedrichs said.

"I think what we are seeing is that these threats will continue to be successful because people are continuing to trust attachments and continuing to click on them," he said. "Really, the human factor is the weakest link that is allowing these worms to be so successful."

Robert Lemos writes for CNET News.com