Bagle Continues to Launch New Variations

The Y version spreads through e-mail and file-sharing networks, reopens the back door on infected machines, and turns these PCs into zombies for DDoS attacks and spamming. Most security software companies rate the new viruses as medium risk.

F-Secure (Finland) said that variant Y targets a number of different security applications as well as activity related to the NetSky worms. The icon of the file in the virus-carrying e-mail looks like the cherry blossoms commonly seen on three-image gambling machines. Bagle.Y can attach a copy of itself as a COM, EXE, SCR or CPL file, as a password-protected ZIP archive, or even as a VBS or HTA file. This variety of propagation mechanisms is the biggest difference between the Y version and the earlier Bagle variants. It also attaches an image of a girl to the message to create a plausible cover. As noted by F-Secure, the virus uses three different types of girl images.

Meanwhile, according to Network Associates, the latest variant of the Bagle family is the Z version. The author of the virus wrote a poem for the e-mail attachment. According to Vincent Gullotto, Associate Director of Network Associates' Rapid Response Center, Bagle.Z is not spreading fast. "I do not think this variant will last long," he said. "However, the virus also made some remarkable initial advances as it attached a copy to a control panel file. This is an executable file that the previous Bagle virus authors did not use. This method allows it to penetrate into a number of different environments."

Bagle.Z is the latest in a long-running series of viruses that experts say is part of a confrontation between two groups of hackers, Bagle and NetSky (also known as SkyNet). In a recent release, NetSky's creator claimed he would continue releasing new versions as long as the Bagle worm survives. However, while NetSky spawned up to six new variants in April, Bagle released a few new versions. Virus experts say that NetSky's source code has been widely publicized on the Internet, so the many variants of that worm are the work of more than one person.

The poem in the Bagle.Z virus e-mail consists of only four English sentences:

"Unique people make unique things
That things stay beyond normal life and common understanding
The problem is that people do not understand such wild things,
Like a man never understand the wild life."

Adding poetry to a virus is not a new technique. In the early 1980s, the first Apple II virus was capable of displaying a poem on every 50th boot of the computer.

As usual, users are advised to minimize the risk of virus infection by not opening attachments in e-mail from unknown senders. Updating antivirus signature files is also important for Windows users, since Mac and Linux systems are not attacked.