The Trouble With BAGLEs

Researchers at antivirus and content security firm Trend Micro discovered two new variants of the notorious BAGLE family of Worms. Although WORM_BAGLE.BQ and WORM_BAGLE.BS have not caused a high number of infections, they are utilizing a relatively new technique adding a downloader between the Trojan and Worm components as part of a tri-component technique which enables a far more dynamic spreading mechanism and a higher potential for damage. Although security experts first saw this technique in mid-September with a series of other BAGLE variants, its re-emergence suggests that this could become more prominent and destructive in the future.

According to Jamz Yaneza, Senior Research Engineer at Trend Micro, the URLs to which the code points are continuously changing to prevent the downloader from being detected. At times they appear to be down, then they are brought back up again. This appears to give the author enough time to repack the code, thereby modifying the identifying file, he said.

Security experts warn that these new variants could possibly mark the beginning of a concerning trend. A future variant with a slightly better refined propagation technique including the use of a packer with polymorphic capabilities and utilizing an established Bot network could lead to a significant number of infections.

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter