Still, experts say many of the sites listed in Bagle's internal code never hosted any of the phishing or spamming software and were probably used as decoys to throw anti-virus researchers off their trail. Nevertheless, those sites were just as affected by the deluge of traffic from Bagle victims.
The Web site for Union Hospital in Elkton, Md., appears to have been one such decoy. Hospital officials directed inquiries about the incident to the site's Internet service provider, Hunt Valley, Md.-based System Source.
at 10:45 AM
Unlike "network" viruses that exploit security holes, e-mail worms like Bagle trick people into opening e-mail attachments that contain the virus. Most worms can fake the "from" address so they appear to come from someone you know. If you receive an e-mail with an attachment that you weren't expecting, think twice before clicking the link. If the attachment filename ends in ".com," ".cpl," ".exe" or ".scr," it is almost certainly a virus. Most anti-virus software can scan incoming mail for viruses. You could also save the file to your computer and then scan it with anti-virus software.
Infected computers tend to operate sluggishly or erratically, though they sometimes show no obvious symptoms. If you are concerned that your computer could have a virus and don't have up-to-date anti-virus software installed, there are several free options:
Panda Software offers a service that will scan your computer remotely and remove any viruses it finds (works only with Internet
Computer Associates offers a free one-year subscription to its anti-virus product
McAfee also offers a free tool called "Stinger" that can search for and eliminate numerous pests from your computer
-- By Brian Krebs
System Source co-owner Robert Roswell said the hospital's Web address, www.uhcc.com, received thousands of hits per second at the height of the attack, cutting off public access to the site for more than 24 hours. Roswell declined to say how much the attack cost, but said the company "put an enormous amount of defensive energy into keeping the site alive."
"Let's just say we blew through about 10 years' worth of service contracts defending the hospital from this attack," he said.
No Relief in Sight
For the first three weeks of 2005, anti-virus companies saw only minor outbreaks of mass-mailing worms. But on Jan. 26, virus authors unleashed a major outbreak with several new versions of the Bagle worm. Within 24 hours, the amount of spam generated by Bagle-infected PCs increased from 140,000 junk e-mails to more than 1 million a day, according to Symantec, which recently acquired anti-spam company Brightmail.
Experts say there are precious few signs that e-mail worms or the spam and scams they facilitate will fade away in the near future. The instructions for creating custom versions of Bagle and many of today's most successful e-mail worms now are freely available online.
Virus authors also will continue to exploit weaknesses in commercial anti-virus software, most of which must be constantly updated with new "definitions" to be able to detect the latest viruses and worms. This allows the virus writers to stay a step ahead by releasing slightly different versions of their creations just hours apart.
At the beginning of 2004, anti-virus companies took an average of 12 hours to release new definitions following a viral outbreak, according to MessageLabs, a British anti-spam company. By December 2004, that window of opportunity had shrunk by less than two hours, MessageLabs said.
Still, the biggest contributor to the future success of such viruses will continue to be new, inexperienced Internet users, thousands of whom venture forth each day worldwide, said Mikko Hypponen, director of anti-virus research at F-Secure Corp. in Helsinki.
"There are new users coming online all the time who know nothing about the risks of owning a computer and getting on the Internet," Hypponen said. "We're going to be fighting these e-mail worms for quite some time."