Rash of Bagle variants launched across Internet

By Matt Whipp

Posted on 25 Nov 2005 at 13:05

In the wake of the Sober virus epidemic, a rash of 12 fresh variants of the Bagle virus have been launched out onto the Internet.

On Wednesday afternoon, Moscow-based Kaspersky Labs said it was aware that those running botnets of computers infected with the Bagle virus were updating their systems; namely, by issuing new variants.

The botnets are controlled remotely through backdoors implanted into the infected systems and are made available for hire to spammers, extortionists and anyone else that will pay to hire them.

However, in order to run such a business successfully, those controlling the botnets need to ensure that IP addresses they claim are under there command haven't been taken offline, or secured so that they are unusable, and equally to add fresh systems as they become available for infection.

Thus, Kaspersky noted two variants of the Bagle Trojans being spammed out in quick succession, followed by a third half an hour later. By the following morning it had detected five Trojan downloaders (classified as Trojan-Downloader.Win32.Bagle.d - h) and seven worms (Email-Worm.Win32.Bagle.eo - eu.).

Most of the variants are very similar in nature, said Finnish security firm F-Secure, with some changing the web addresses through which they are controlled.

Antivirus vendors have issued signatures to protect against the new viruses and advise that users ensure their software is up to date to avoid infection.