The Bagle botnet
A virus analyst from Kaspersky Lab has posted a timeline of the Bagle worm, showing how the worm has changed over the past year. Bagle, a mass mailer, has been prolifically spreading through the Internet over the past year. It's an interesting worm to study because you can see the evolution of the writer's techniques, clues to the motivation behind the creation, and hints at what is next to come.
January 18, 2004 Email-Worm.Win32.Bagle.a appears. This new malicious program immediately causes a worldwide epidemic. No one in the antivirus industry was sure what the author's plans for his creation might be.
A detailed analysis of Bagle.a code showed that it would cease propagating on January 29, 2004. Kaspersky Lab analysts decided this meant that new versions were bound to appear. The first modifications of Bagle did indeed appear within a month.
Each new version contained new features which made it harder to detect and/or caused a more serious outbreak - that is, more machines were infected.
Source: The Bagle botnet, by Yury Mashevsky, Virus Analyst, Kaspersky Lab, posted on April 22, 2005.
The comments to this entry are closed.