washingtonpost.com  > Technology > Tech Policy > Security

New Worm Attacks Windows Computers

By Brian Krebs
washingtonpost.com Staff Writer
Monday, January 19, 2004; 6:05 PM

A new Internet worm that spread through Asia, Australia and Europe on Monday is expected to take hold in the United States on Tuesday as people go back to work after the Martin Luther King Jr. holiday.

The "Bagle" or "Beagle" worm arrives as an attachment to an e-mail with the subject line "Hi" and "test : )" in the body text. The worm is activated when a user clicks on the attached file.

_____Information on 'Bagle'_____
Symantec Security Response
George Mason Officials Investigate Hacking Incident (The Washington Post, Jan 13, 2005)
Microsoft Releases 3 New Windows Security Patches (The Washington Post, Jan 12, 2005)
Another Computer Security Official Quits (The Washington Post, Jan 12, 2005)
More Security News
Sign up for the weekly tech policy e-letter (Delivered every Monday).

Once the attachment is opened, the worm tries to send copies of itself to all of the e-mail addresses that it finds on the victim's computer, faking the return address with one randomly generated from those sifted from the infected PC. It also installs a program that lets attackers connect to infected machines, install malicious software or steal files.

The worm probably is the precursor to more evolved versions that could wreak havoc with small business and home Internet users, computer security experts said.

Carey Nachenberg, chief architect of Symantec Research Labs in Cupertino, Calif., said he expects the worm to continue its rapid spread as more Americans begin sorting through the e-mail that piled up in their in-boxes following the three-day weekend.

"This is coming on hard and fast, and that's usually a bad sign going into a shortened work week," Nachenberg said.

Bagle has spread to computers in more than 100 countries, according to MessageLabs, an e-mail security company in New York City.

FBI officials did not return telephone calls seeking comment on whether law enforcement authorities are investigating the worm's origins.

Bagle also tries to download an unknown program from one of more than 30 Web sites located mostly in Germany and Russia. None of those Web sites was reachable as of Monday afternoon.

A German Internet service provider that hosted one of the Web sites recorded nearly 1 million different Internet addresses trying to connect to the site within a 24 hour period, indicating that as many as a million computers have been infected so far, said Tony Magallanez, a systems engineer for F-Secure Inc., in San Jose, Calif.

CONTINUED    1 2    Next >

© 2004 TechNews.com