Microsoft calm over new twist in Bagle saga

Microsoft is cautiously optimistic that attempts to spread new variants of the Bagle virus exploiting an older vulnerability in its e-mail products will not be successful.

Australian anti-virus vendors have been warning Windows users to make sure their Internet Explorer patches are up to date, after a number of e-mails linked with Bagle.Q and R appeared early today.

Sophos Anti-Virus and MessageLabs today said that the e-mails could trigger PCs running unpatched versions of Internet Explorer to download the virus.

While Microsoft issued a patch for the vulnerability last October, and only a handful of companies had reported being infected through the security hole to Sophos by late today, the company still appears troubled by the appearance of the new virus propagation method.

Sophos Anti-Virus Australia managing director, Paul Ducklin, conceded that the virus had not spread as rapidly as the security company initially feared but said it issued the warning as it may catch some e-mail users unaware.

"Whilst we weren't expecting it to become terribly widespread we did want to make it clear to people that this was an infection technique that, if they were used to looking out for all the other Bagles, they needed to add to their armoury of defences," said Ducklin.

Microsoft Australia, Security Lead, Ben English, today said it was important for Microsoft customers to keep their system patches up to date, but expressed some surprise at the anti-virus vendor's level of concern.

"I'm personally surprised it's been raised here as a problem; we've had critical alerts subsequent to this, I'm surprised this is an issue [anti-virus vendors] want to talk about," said English.

English pointed out that while it was impossible to know how many unpatched machines remained exposed to the threat, in this instance the software titan had a significant lead over virus authors.

The e-mail exploits a security hole in Internet Explorer, discovered last year, which allows hackers to run arbitrary code on their victims' machines whilst they're viewing maliciously designed Web sites and HTML-based e-mails.

MessageLabs was today warning people to be suspicious of emails that: posed as warnings; contained links to Web sites; and arrived from fake or "spoofed" email addresses.

Ducklin recommended that anyone who was uncertain about whether they were using a vulnerable version of Internet Explorer block TCP port 81 to prevent the malicious code downloading the virus.