Wednesday, March 02, 2005

Virus uses Client/Server approach!

One feature of these newly detected Bagle variants is that they use infected computers to seed out emails with the downloader program as an attachment. So in addition to sending out emails with the virus, they send out emails with a downloader, which won't spread further. Lots of them.
So far, we've seen 4 different downloaders and several different Bagles...
There's something else too. These new Bagle variants are using a client / server architecture to spread further. What? A Client / Server virus? Yes.
Normally Bagle variants search the local hard drive to find email addresses to send themselves to. These new variants connect to a web back-end. The back-end server will then return 50 unique email addresses that it generates using directory harvest techniques. The virus will then send a copy of itself to these addresses and loop over. We come across lots of them here in Belgium, but I don't call this an enormous outbreak...
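Seen from the network side, the loop described above is a workstation making a web request and then mailing about 50 distinct recipients directly, over and over. The following is an added example, not part of the original post, that flags this pattern in gateway logs; the log line layout, the host addresses, the `example` names and the two-cycle alert threshold are all assumptions made for the illustration.

```python
from collections import defaultdict

BATCH = 50       # addresses per back-end reply, as described in the post
MIN_CYCLES = 2   # assumption: two fetch-then-send rounds before alerting


def parse(line):
    """Split one constructed log line into (host, kind, detail)."""
    _seq, host, kind, detail = line.split(maxsplit=3)
    return host, kind, detail


def find_fetch_send_loops(lines, batch=BATCH, min_cycles=MIN_CYCLES):
    """Return {host: cycles} for hosts repeating the fetch-then-mail pattern."""
    current = {}                  # host -> recipients since its last web request
    cycles = defaultdict(int)

    def close(host):
        rcpts = current.pop(host, None)
        if rcpts is not None and len(rcpts) >= batch:
            cycles[host] += 1     # one full batch mailed after one web request

    for line in lines:
        host, kind, detail = parse(line)
        if kind == "HTTP":
            close(host)           # a new request ends the previous batch
            current[host] = set()
        elif kind == "SMTP" and host in current:
            current[host].add(detail.lower())
    for host in list(current):
        close(host)               # account for the batch still open at log end
    return {h: n for h, n in cycles.items() if n >= min_cycles}


def sample_log():
    """Constructed sample: one looping workstation and one ordinary one."""
    out = []
    for rnd in range(3):
        out.append(f"{len(out)} 10.0.0.5 HTTP backend.example/list")
        for i in range(50):
            out.append(f"{len(out)} 10.0.0.5 SMTP user{rnd}_{i}@example.org")
    out.append(f"{len(out)} 10.0.0.9 HTTP news.example/index")
    for i in range(3):
        out.append(f"{len(out)} 10.0.0.9 SMTP colleague{i}@example.org")
    return out


if __name__ == "__main__":
    print(find_fetch_send_loops(sample_log()))
```

Counting unique recipients per batch rather than raw message volume is what separates this from an ordinary bulk sender, since each back-end reply carries fresh addresses.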