Users login

Create an account »


Users login

Home » Hacking News » Fresh Batch of Bagles

Fresh Batch of Bagles

by Nikola Strahija on June 28th, 2005 Virus researchers are raising the alarm over a new offshoot of the Bagle worm that is attempting to hijack computers for use in botnets.

The latest attack was launched in a weekend spam run that attempted to trick Windows users into downloading an executable identified as Bagle.BQ or Mitglieder.CN.

According to an advisory from F-Secure Corp., the latest deluge closely resembles the recent three-pronged attack that used three different Trojans to take control of vulnerable computers and create botnets-for-hire.
Mitglieder.CN includes a main dropper and a DLL file that injects itself into Explorer.exe processes. Once executed, the dropper/injector creates two start-up keys and one status key for its file in Windows Registry.
To disguise itself during the first run, F-Secure said, Mitglieder will open an empty MSPaint program.

Like previous mutants, the Trojan has the ability to disable anti-virus and security software and open a back door for communication with a remote attacker.

Sam Curry, vice president of eTrust security management at Computer Associates International Inc. confirmed the new Bagles/Mitglieder sighting but said distribution remained low.

-Compared to the last attack, which was very sophisticated and coordinated, this one seemed to be a false start. It never really took off, Curry said.

He said the difference in attack methods indicated it was not the work of the group responsible for the triple-barreled attack earlier this month.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »