News

Bagle Comes Back

Bagle is back and security industry insiders say new developments with the mass-mailing worm will probably cause headaches for Windows administrators all summer.

Bagle first appeared in January and has been modified so many times that anti-virus firms are on their second trip through the alphabet in labeling the variants. Over the July 4 weekend, two new variants appeared, Bagle.AD and Bagle.AE.

Bagle is best known as one of the mass-mailing worms that accounts for much of the flood of e-mail with subject lines like Re: Document or Re: Thank You. With its backdoor opening capabilities, Bagle is believed to have been designed to create large networks of zombie machines for distributed denial of service attacks or for sending spam.

What is new in the latest variants is that they deposit a copy of Bagle's source code on infected boxes. The move is widely believed to be an effort by the Bagle author to hide his tracks (source code on your computer looks bad when the investigators come knocking). A MyDoom variant author did the same thing earlier this year. It happened with NetSky as well, although it may not have helped the alleged author. An 18-year-old was arrested in Germany and accused of writing Sasser earlier this year. The same person is suspected of writing NetSky, too.

The NetSky case could be of particular concern to Bagle's author, since the worm writers may have known each other. Bagle and NetSky each contained criticisms of the skills behind each other's code.

The Bagle source, written in assembly, shows sophistication on the part of the author. With the source code in hand, however, creating new variants enters the realm of the script kiddies' expertise. We may be able to look forward to a third pass around the alphabetical horn for the Bagle variants this summer.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.