New Bagle Variant Spreading Quickly

October 2004


BitDefender Labs is on the case

A new variant of the Bagle strain was detected today by BitDefender Labs and is spreading fast, having been reported in numerous instances in the wild. Bagle.AX is a classical mass mailer, in no way dissimilar to its predecessors. It obviously spreads by e-mail, but also copies itself into shared folders, under various appetizing names like "Serials.txt.exe".

The virus has a backdoor component, which presumably listens for commands from its creators. It also uses a simple trick to create copies of itself that are of variable length, making it harder to filter out of e-mails.

When asked to comment on the apparent success the new virus has had, BitDefender CTO Bogdan Dumitru declared: "At this time, I can think of no reason other than deft initial seeding. The author, or authors, must have had a list of vulnerable machines at hand."

BitDefender Labs has been detecting this virus since it first appeared last night, under the name of Win32.Bagle.10.Gen@mm. A specific signature update has been issued, and a free removal tool is also available on the BitDefender website. A full technical description can be found here.

