Massive outbreak of aggressive new Bagle worm var.

Monday, 1 November 2004, 10:33 am
Press Release: Nod32

FOR IMMEDIATE RELEASE
AUCKLAND NZ - October 29, 2004

Massive outbreak of aggressive new Bagle worm variant.

Today, a massive epidemic of an aggressive new Bagle worm hit the Internet, spreading fast and infecting thousands of machines.

At 07:51 this morning (Central European Time) a new virus was detected on NOD32’s Virus Radar project (www.virus-radar.com).

Initially, around 50 samples were detected in the first hour, but it quickly became obvious that the spread was going to be massive, as in the second hour, over 3400 were detected and further analysis showed that the virus was a new, and highly aggressive version of the Bagle worm, which NOD32 named Win32/Bagle.AS.

Subsequently, a further two variants were discovered - both detected with NOD32’s Advanced Heuristics - Bagle.AT and Bagle.AU, of which .AU is now also spreading.

Less than 2 hours after heuristic detection, at 09:40 (CET), an update was released to provide exact named identification and removal for each variant, and a description of the major variant Bagle.AS was posted to the NOD32 website.

“The massive proliferation of the new worm is probably due to it having its own mass-mailing routine. When the worm is active on an infected computer it will attempt to stop some antivirus and firewall applications running on the machine, so this will increase it’s chances of survival, as some products will not update and detect it.” said Andrew Lee, Senior Vice President of Global Support at NOD32.

Win32/Bagle causes a serious security breach by opening Port 81 on the computer and a random UDP port, and listens for instructions to be sent to it. The worm will be deactivated on an infected computer automatically after causing damage for 20 days. Based on the code analysis, the life cycle of the worm will end on April 25, 2006.

Advertisement - scroll to continue reading

A free cleaning tool for the worm is available at
http://www.nod32.it/cgi-bin/mapdl.pl?tool=BagleAS

Tracking the threat on the virus radar shows the rapid growth of this worm in hours after initial heuristic detection, as can be seen in this hourly breakdown.

29.10.2004 7:00 53
29.10.2004 8:00 3409
29.10.2004 9:00 11235
29.10.2004 10:00 30424
29.10.2004 11:00 74236

Currently, the virus radar shows that around 1 in 20 messages contain the Win32/Bagle.AS worm

Rather fittingly, this morning, NOD32 received the news that they had been awarded their 29th VB100% award, a record breaking unbroken run, unmatched by any other anti-virus product, for detecting all viruses in the wild.

The exceptional advanced heuristic capabilities of NOD32, which at last measure, could detect over 88% of all viruses in-the-wild without the need for an update, are a major part of that success.

ENDS

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from Nod32 on InfoPages.

Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH

John Mazenier: Gaffer Tape And Glue Delivering New Zealand’s Mission Critical Services

Every debt, eventually, has to be repaid. Right now, the day of reckoning is fast approaching for one of the most crippling, but least discussed, debts burdening government across New Zealand – technical debt. Technical debt is the cost of generations of incremental investments in legacy technologies to tease additional functionality or life from them.

Earthquake Commission: Ivan Skinner Award Winner Inspired By Real-life Earthquake Experience

Witnessing the human cost of the Canterbury earthquakes inspired Ben Exton to become an earthquake engineer and find solutions to make New Zealand homes more resilient against future seismic events. Exton last week received the Ivan Skinner Award at the New Zealand Society of Earthquake Engineering (NZSEE) annual conference to recognise his innovative work as a practitioner and to support his qu

Reserve Bank: Consultation Opens On A Digital Currency For New Zealand

Te Pūtea Matua is continuing its exploration of a central bank digital currency. “We are calling this ’digital cash’. It would be a new type of money in addition to the banknotes and coins we have today, and the electronic money in your bank account,” Director of Money and Cash – Tari Moni Whai Take Ian Woolford says.

NIWA: Ship Anchors May Cause Extensive And Long-lasting Damage To The Seafloor, According To New Research

NIWA anchored their research vessel in Wellington Harbour and observed in real-time how its anchor changed the surrounding environment. Study leader NIWA geophysicist Dr Sally Watson says they saw broomstick-like scarring on the seabed.

New Zealand Customs Service: A Step Forward For Simpler Trade Between New Zealand And Singapore

The New Zealand Customs Service has signed an arrangement with Singapore that will help to make trade simpler for exporters. The Arrangement on Facilitating Safe and Efficient Trade sets out a framework for developing and strengthening practical cooperation on trade and the use of emerging technology.

Horizon Research: 68% Say Make Banks Offer Fraud Protection

68% (2,785,000 adults) believe the government should regulate to make sure banks offer fraud and cybercrime protection to customers. These are among findings of a new study, conducted in the public interest by Horizon Research, on bank fraud and cybercrime.

Join Scoop Pro

Submit News

Become a Member