Bagle copycat builds Zombie attack network
Virus writers have released a new version of the Bagle worm, on the back of the source code released into the wild earlier this month.
Bagle-AF (AKA Bagle-AB or the 'Apprentice' worm) is spreading quickly across the Net, following its release yesterday. Most anti-virus firms rate it as medium risk.
The new Bagle worm was made using source code which came with the payload of the Bagle-AA (confusingly, some firms refer to this as Bagle-AE) worm earlier this month. Including the source code in a virus is like adding DIY instructions for apprentice hackers, since it makes it easier for the less-skilled to make many more versions of new viruses.
Bagle-AF opens a path for intruders to relay bulk email messages through infected PCs. The worm tries to contact one of 141 compromised German websites to let its creators know which PCs it has infected. The worm leaves open a backdoor on compromise computers, which can then be used to spread spam or as zombie drones in DDoS attack networks.
The latest variant of Bagle is little different from its predecessors. Like the other it normally arrives in email as an attached file. It can also spread over P2P networks.The worm can arrive in the form of a password-protected .ZIP file, with the password included in the message body of an infected email or within an attached image. Earlier versions of Bagle used the same trick.
