By David Becker, 10 August 2004 08:50
NEWS A prolific new variant of the mass-mailing Bagle worm began flooding email accounts overnight with bogus price quotes.
Like previous versions of Bagle, the new Bagle.AQ worm spreads by sending out messages with an infected attachment compressed under the common .Zip format. Both the name of the attachment and the body of the message are a variant on "price" or "new price".
Unlike earlier Bagles, the new version also packs in a three-year-old piece of JavaScript code that, once executed, attempts to send the infected PC to various websites to pick up more Bagle code, said Vincent Gullotto, vice president of the antivirus emergency response team for security specialist McAfee.
Bagle.AQ started spreading Monday morning and quickly began bombarding some corporate email systems with thousands of infected messages, Gullotto said.
"It made its way into the public eye in a rather grandiose fashion," he said.
Gullotto attributed the worm's fast start to use of the old JavaScript trick and initial distribution that included an unusually large number of email addresses to target. "Someone has used a rather spamlike technique to get it going," he said.
Those same techniques should also ensure a relatively brief heyday for the worm, as email security systems learn to block the variant, Gullotto said. "I don't expect it'll last more than 24 hours," he said. "Then it's onto the next pest."
David Becker writes for News.com
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below