16 February 2004
This month's edition of Bagle is slightly different
Bagle.B - a new mass mailer worm - is now cruising at some speed along the information highways and back roads of our planet. The virus is in the wild and probably spreading. BitDefender Labs have detected infections in France and Germany, but there will likely be more to follow.
"Just like Bagle.A, this nasty has a lot of potential. Exactly as much as the original, since few changes appear to have been made. Even the e-mail text has changed little. This minimalist approach to soc-eng has worked once before. I wouldn't be surprised if it works again," declared Patrick Vicol, virus researcher for BitDefender Labs. Initial analysis shows that the virus was probably authored by the same person or group that coded Bagle.A.
Some details of this virus might help to point out who the author may be. It sends notifications to various German bulletin boards, which may be an indication that the author or authors are German, as was the case with the author(s) of Sober.C. One other interesting fact is that this version was issued one month to the day after the first one made the rounds, which may suggest an orderly release cycle, an indication of an organised production process, or just a penchant for a particular date on the part of the author.
BitDefender analysts have already posted a removal tool for Bagle.B.