Bagle (computer worm)

Bagle (also known as Beagle) is a mass-mailing computer worm affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variant, Bagle.B, is considerably more virulent.

Bagle uses its own SMTP engine to mass-mail itself as an attachment to recipients gathered from the infected computer. It copies itself to the Windows system directory (Bagle.A as bbeagle.exe, Bagle.B as au.exe) and opens a backdoor on TCP port 6777 (Bagle.A) or 8866 (Bagle.B). It does not mail itself to addresses containing certain strings such as "@hotmail.com", "@msn.com", "@microsoft" or "@avp".
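The file names and backdoor ports above can be checked together on a suspect host. The following is an added example, not part of the original article: it parses `netstat -ano` output and a listing of the Windows system directory, and reports which variant's indicators are present. The column layout of the netstat rows, the sample data and the function names are assumptions made for illustration.

```python
import re

# Indicators stated in the article: dropped file name and backdoor TCP port.
INDICATORS = {
    "Bagle.A": {"file": "bbeagle.exe", "port": 6777},
    "Bagle.B": {"file": "au.exe", "port": 8866},
}

# One TCP row of `netstat -ano` (assumed layout): local, remote, state, PID.
NETSTAT_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\w+)\s+(\d+)\s*$", re.I)

# Constructed sample data, not taken from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8866           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:49712     203.0.113.5:6777       ESTABLISHED     2210
"""
SAMPLE_FILES = ["kernel32.dll", "AU.EXE", "notepad.exe"]


def listening_ports(netstat_text):
    """Return {local_port: pid} for TCP sockets in the LISTENING state only."""
    ports = {}
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m and m.group(3).upper() == "LISTENING":
            ports[int(m.group(2))] = int(m.group(4))
    return ports


def assess(netstat_text, system_dir_files):
    """Map each variant with evidence to 'file+port', 'file' or 'port'."""
    ports = listening_ports(netstat_text)
    names = {name.lower() for name in system_dir_files}  # Windows names are case-insensitive
    findings = {}
    for variant, ioc in INDICATORS.items():
        evidence = [k for k, hit in (("file", ioc["file"] in names),
                                     ("port", ioc["port"] in ports)) if hit]
        if evidence:
            findings[variant] = "+".join(evidence)
    return findings


if __name__ == "__main__":
    # The outbound connection to remote port 6777 is ignored: only local listeners count.
    print(assess(SAMPLE_NETSTAT, SAMPLE_FILES))
```

A port match on its own is weak evidence, since any program can listen on 6777 or 8866; the combined "file+port" result is the one worth escalating.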

The initial strain, Bagle.A, was first sighted on January 18, 2004. It was not widespread and stopped spreading after January 28, 2004.

The second strain, Bagle.B, was first sighted on February 17, 2004. It was much more widespread and appeared in large numbers; Network Associates rated it a "medium" threat. It was designed to stop spreading after February 25, 2004.

Further variants were discovered later. Although they have not all been successful, a number remain notable threats.

Some of these variants contain the following text:

    "Greetz to antivirus companies
     In a difficult world, 
     In a nameless time, 
     I want to survive, 
     So, you will be mine!! 
     -- Bagle Author, 29.04.04, Germany."

This has led some people to think the worm originated in Germany.

Since 2004, the threat risk from these variants has been changed to "low" due to decreased prevalence. However, Windows users are warned to watch out for it.

Botnet

The Bagle botnet (initially discovered in early 2004[1][2]), also known by its aliases Beagle, Mitglieder and Lodeight,[3] is a botnet mostly involved in proxy-to-relay e-mail spam.

The Bagle botnet consists of an estimated 150,000-230,000[4] computers infected with the Bagle computer worm. It was estimated that the botnet was responsible for about 10.39% of the worldwide spam volume on December 29, 2009, with a surge up to 14% on New Year's Day,[5] though the actual percentage seems to rise and drop rapidly.[6] As of April 2010 it is estimated that the botnet sends roughly 5.7 billion spam messages a day, or about 4.3% of the global spam volume.[4]

References

  1. "The Bagle botnet". Securelist. Retrieved 2010-07-30.
  2. "A Little Spam With Your Bagle?". M86 Security. 2009-06-05. Retrieved 2010-07-30.
  3. "Bagle". M86 Security. 2009-06-05. Retrieved 2010-07-30.
  4. http://www.messagelabs.com/mlireport/MLI_2010_04_Apr_FINAL_EN.pdf
  5. Dan Raywood. "New botnet threats emerge in the New Year from Lethic and Bagle". SC Magazine UK. Retrieved 2010-07-30.
  6. "New Spamming Botnet On The Rise". DarkReading. Retrieved 2010-07-30.
This article is issued from Wikipedia - version of the 10/27/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.