A variant of the Bagle worm has returned and is spreading fast, packing double action that could congest networks and block anti-virus (AV) updates.
The variant, Bagle.AI, is similar to the recent Bagle.AC and Bagle.AQ variants, say AV vendors. The latest variant was first spotted in Australia at 2.30am today, and has spread to SA.
Brett Myroff, CEO of local Sophos distributor Netxactics, says Netxactics has had no reports from its local clients, but he is aware of the worm's spread. Sophos rates it as a medium threat, but this could change once it spreads to the US - probably later today, says Myroff.
Ken Dunham, director of malicious code at iDefense, says over 11 000 interceptions were reported in the first few hours of the worm in the wild.
The worm arrives in a .zip file, in an e-mail with a subject line that includes the word 'foto', say AV experts.
Myroff says the worm installs a file on the infected PC which then terminates certain AV updating processes. It also attempts to download a certain .jpg file from 131 separate Web sites. If it is unsuccessful, it tries again in six hours.
"Obviously, this could cause a lot of network congestion," says Myroff. "We've been unable to locate the file in question, so this could even be a ploy to tie up networks by causing infected PCs to search 131 sites repeatedly for a non-existent file."

