Bagle.BK and Bagle.BL are Spreading at an Enormous Rate
Both worms are designed to spread rapidly via email, and using P2P applications like KaZaA. Panda Software's international support network has already begun to register incidents caused by Bagle.BL in countries such as Holland and the USA, and it is likely, given the characteristics, that the number of computers affected by the worms will start to increase. With this in mind, Panda Software has set the virus alert level at orange.
Panda Software clients that already have TruPrevent Technologies, designed to combat unknown viruses, have had preventive protection against Bagle.BK and Bagle.BL from the moment they first appeared, as these technologies can detect and block the worms without having previously identified them.
Bagle.BK and Bagle.BL reach computers in email messages with spoofed sender addresses and with subject fields chosen at random from a list of options.
Possible subjects include: "Delivery by mail" or "Delivery service mail". The message text may include phrases like: "Before use read the help" or "Thanks for use of our software". The message attachments, which actually contain the worms, have variable names, although their extension is always COM, CPL, EXE or SCR.
Full information on the characteristics of the messages in which Bagle.BK and Bagle.BL are spread is available in Panda Software's Virus Encyclopedia.
In order to spread via P2P applications like KaZaA or Morpheus, both worms create copies of themselves in the programs' shared folders with names such as ACDSee 9.exe, Adobe Photoshop 9 full.exe or Ahead Nero 7.exe, among others. The names are chosen to bait other users into downloading and then executing the files.
Regardless of how they reach computers, when a file containing either of the worms is run, they use their own SMTP engine to send themselves to the email addresses they find in files with certain extensions stored on the computer. However, they avoid sending themselves to certain addresses, principally those related to IT security software companies.
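As an added illustration of how a mail gateway or desktop tool could act on the message and P2P characteristics described above (this is not Panda Software's code and not part of the original release), the script below matches incoming messages and shared-folder listings against the indicators quoted in the text. The subject lines, body phrases, attachment extensions and bait file names are the ones given above; the sample messages and the folder listing are constructed for the example, not captured samples, and the two-level verdict (review vs. quarantine) is an assumption of this example rather than a documented Panda rule.

```python
"""Indicator matching for the Bagle.BK / Bagle.BL message characteristics.

Added example, not vendor code. Indicator lists come from the advisory
text; everything under SAMPLE_* is constructed test data."""
from __future__ import annotations

from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Indicators quoted in the advisory (compared case-insensitively).
SUBJECTS = {"delivery by mail", "delivery service mail"}
BODY_PHRASES = {"before use read the help", "thanks for use of our software"}
ATTACHMENT_EXTENSIONS = {".com", ".cpl", ".exe", ".scr"}
P2P_BAIT_NAMES = {"acdsee 9.exe", "adobe photoshop 9 full.exe", "ahead nero 7.exe"}


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    attachments: list[str] = field(default_factory=list)


def message_indicators(msg: Message) -> list[str]:
    """Return the advisory indicators a message matches (empty list = none)."""
    hits: list[str] = []
    if msg.subject.strip().lower() in SUBJECTS:
        hits.append("subject")
    body = msg.body.lower()
    if any(phrase in body for phrase in BODY_PHRASES):
        hits.append("body")
    for name in msg.attachments:
        # PureWindowsPath handles both "/" and "\" separators and gives the suffix.
        if PureWindowsPath(name).suffix.lower() in ATTACHMENT_EXTENSIONS:
            hits.append(f"attachment:{name}")
    return hits


def verdict(msg: Message) -> str:
    """Assumed policy for this example: an executable attachment combined with
    one of the quoted subject/body texts is quarantined; any single indicator
    is flagged for review (EXE/SCR mail alone was common in 2005); else pass."""
    hits = message_indicators(msg)
    kinds = {h.split(":", 1)[0] for h in hits}
    if "attachment" in kinds and kinds & {"subject", "body"}:
        return "quarantine"
    if hits:
        return "review"
    return "pass"


def suspicious_shared_files(listing: list[str]) -> list[str]:
    """Paths in a P2P shared folder whose file names match the quoted bait names."""
    return [p for p in listing if PureWindowsPath(p).name.lower() in P2P_BAIT_NAMES]


# Constructed sample data (not real captured messages or a real folder).
SAMPLE_MESSAGES = [
    Message("someone@example.invalid", "Delivery by mail",
            "Before use read the help", ["update.scr"]),
    Message("alice@example.invalid", "Lunch?", "See you at noon", ["notes.pdf"]),
    Message("it@example.invalid", "Quarterly report", "Attached as discussed",
            ["setup.exe"]),
]
SAMPLE_SHARED_FOLDER = [
    r"C:\Program Files\KaZaA\My Shared Folder\ACDSee 9.exe",
    r"C:\Program Files\KaZaA\My Shared Folder\holiday.mp3",
    r"C:\Program Files\KaZaA\My Shared Folder\Ahead Nero 7.exe",
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(f"{m.subject!r:22} -> {verdict(m):10} {message_indicators(m)}")
    print("suspicious shared files:", suspicious_shared_files(SAMPLE_SHARED_FOLDER))
```

The attachment-extension check on its own is deliberately only a "review" signal; the quoted subject and body phrases are what make a hit specific to these two variants, so the policy requires one of them alongside an executable attachment before quarantining.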
The most dangerous action that both variants of Bagle take is the termination of processes in memory related to antivirus and security applications, leaving computers defenseless against further attack.
They also make several entries in the Windows registry to ensure they are run every time the system is started up and delete others that could exist as the result of infection by variants of Netsky.
Given the high risk of infection by Bagle.BK and Bagle.BL, Panda Software advises users to take precautions with any email messages they receive and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect these new malicious codes.
Source: press release
Posted 01/28/05 | Filed under: Security |

