Bagle Variant Rolls Through Security Holes

Computer viruses and variants have been known to reemerge after a lull in activity, but the latest case, the Bagle.aq virus, highlights continued security problems. Many users are unaware that they are acting as a relay for malicious code, spam and more.

The threat level for Bagle.aq was raised by antivirus giant McAfee, which said that the virus — a descendant of the relentless string of Bagle, Netsky and MyDoom worms that slowed the Internet and confounded virus fighters earlier this year — was spreading primarily among home users.

Security experts said that both the number and the danger of variants — which now include built-in SMTP spamming engines, as well as Trojans that allow future access — continue to rise, leaving the Internet community as a whole at greater risk.

“They [virus writers] know as well as we know that there are thousands of machines out there that are not protected,” McAfee AVERT vice president Vincent Gulotto told TechNewsWorld.

Growing Virus Families

In an earlier era, a worm would be released, then a few variants would follow. The new trend is for virus writers to “seed” their viruses by releasing a handful of variants at the same time, iDefense director of malicious code Ken Dunham said. These tsunami-like attacks are intended to overwhelm antivirus software.

“We’ve seen a dramatic increase in waves of attack and multivariant families,” Dunham told TechNewsWorld. “When there are multiple variants and they are randomized, it makes it difficult to identify them and know what you’re dealing with.”

Dunham added that sharing of virus code and collaboration among virus writers is also increasing.

Woes of Worm War

The new Bagle variant makes clear that the viruses that infected machines and clogged Internet traffic last year still account for the bulk of viruses in circulation, Dunham said.

McAfee’s Gulotto said that security experts had confronted “wars” in the past, but nothing to compare with what played out last March and April, when virus writers exchanged barbs using variants of the three nasty worms.

Search and Spread

Gulotto said most worms today do not damage data or machines, but rather commandeer PCs to spread themselves further or send spam.

“The number [of virus writers] is going to grow as the Internet grows,” Dunham said. “As the use of the Internet, the complexity and integration continue to grow, so does the evolution of hacking.”
