New worm a precursor for future attacks?
Computer security experts fear a new worm which is spreading rapidly across several Asian countries could be a precursor for more concerted attacks in future.
The mass-mailing virus, Bagle-A, arrives as an e-mail message containing the subject line "Hi" and an executable attachment with a random filename. When the attachment is activated by a recipient, the worm installs a program on the user's computer. This allows the worm to be sent to other e-mail addresses found in the system's local address book.
The worm also attempts to installs a backdoor or Trojan on infected machines, listening for activity on port 6777.
According to Daniel Zatz, security director for Computer Associates (CA) Australia, Bagle is due to expire on the 28th of this month, an indication that more robust versions of the worm could be released soon.
He added the new worm has already resulted in an alarming 80 percent jump in queries to CA's help desk in Australia. The virus has also been reported in South Korea by local security services firm Ahnlab.
While the worm has yet to cause worldwide damage, Zatz fears Bagle could be reminiscent of the Sobig virus which flooded global e-mail networks last year.
"One of our biggest concern is that if we look back a year ago at the Sobig variants, they all had drop-dead dates and every time one hits that drop-dead date, a new variant came out; a new and improved variant of it," he said.
Given that most corporate e-mail servers block transmission of executable attachments, Zatz believes that unsuspecting home and medium-sized enterprise users are largely responsible for the spread of Bagle.
However, the fact that Bagle first appeared in Asia-Pacific could help curb its dissemination, said Sean Richmond, support manager with antivirus software firm Sophos Australia and New Zealand.
This gives antivirus companies adequate time to prepare software and procedures for U.S. and European companies before they open for trading, he added.
Users who suspect their computers may be infected should look for a file called "bbeagle.exe" in their Windows System directory. The file disguises itself with a Microsoft familiar calculator icon.
Additional reporting by CNETAsia.