January 27, 2005 11:15 AM PST
Bagle virus makes a return
The latest version of the malicious software, which some experts refer to as an e-mail worm, is rearing its head worldwide. By Thursday morning, virus trackers in China, Japan, the United States and parts of Europe had reported instances of the threat.
Trend Micro said that the new offshoot, which it calls Bagle.AZ, is distributed as an e-mail attachment that cloaks itself as a delivery notification or confirmation. It uses "spoofed" e-mail addresses to appear to be from a known source, the antivirus software maker said.
The Tokyo-based company said it first discovered the virus on Thursday in Japan, well before the start of business hours in the United States. An almost identical version of the virus, dubbed Bagle.AY, also began appearing late on Wednesday, it said.
Upon infecting a computer, the Bagle variant harvests any available e-mail addresses and inserts copies of itself into the PC's shared folders, Trend Micro said. It then uses the infected system to distribute itself to additional computers.
Some antivirus companies, including software maker Symantec, refer to Bagle threats as "Beagle" worms. For instance, Symantec is calling the latest variant of the virus W32.Beagle.AZ@mm.
Since the threat appeared outside business hours in the United States, Trend Micro believes the virus was contained relatively quickly and should pose only a minor threat to the large corporations that it was likely aimed at. Corporate servers typically contain thousands of e-mail addresses, making them an attractive target for e-mail-borne virus attacks.
Trend Micro has ranked the new virus as a medium-level threat.
"This version could escalate, but it doesn't look that way right now," said David Perry, global director of education at Trend Micro. "It's not being widely circulated at present, and viruses that hit during the work day in the U.S. tend to do a lot more damage."
However, Perry highlighted the fact that the most dangerous time of the year for viruses, which typically stretches from March until May, is about to begin. He said the resurgence of Bagle, which has cooled down over the last few months, may be tied to the one-year anniversary of the threat's launch in 2004.
"I couldn't tell you why this timeframe is so popular for virus activity, but there's little doubt that we'll see some significant attempts over the next several months," Perry said.
Earlier this week, several antivirus companies detailed the emergence of a new variant of the MyDoom threat. However, that virus is being classified as a low risk at this time.