Old-School Bagle Worm Spotted in Modern Spam Campaigns

[silversurfer]

Fresh mass-email campaigns spreading the long-running Bagle worm have recently been spotted, affecting Microsoft Windows machines. These appear to be a throwback to an earlier time.

Also referred to as Beagle, Bagel contains a backdoor that listens on TCP port 6777 which is hardcoded in the worm’s body. This backdoor component provides remote access to the infected computer and can be used to download and execute other malware from the internet.

The bad code was first seen in January 2004, and since then has morphed to spawn plenty of different variants. Despite having so many malware options to choose from, the latest campaigns are going old-school, according to researchers at Comodo, writing in a posting on Monday. They involve the use of the very first two variants of the worm, Bagle.A and Bagel.B.

These arrive in peoples’ inboxes in password-protected .zip files; the password is given to the victim in the body of the email. It’s a more simplistic approach than what’s been seen with some later Bagle variants that eschew the attachment tactic.

Source: https://threatpost.com/old-school-bagle-...ns/139746/