'Bagle' Worm Heading For A Windows PC Near You
mrSinclair writes "the 'Bagle' or 'Beagle' worm is expected to hit the U.S. by midweek, probably Tuesday as many employees return from a three-day weekend." He points to this Washington Post story (via Yahoo!), which describes the Windows mass-mailing worm as being transmitted via email as an .exe attachment and as installing "a program that lets attackers connect to infected machines, install malicious software or steal files." The article says Bagle has been detected in more than 100 countries. Other readers have sent in links to coverage at the BBC and at SearchSecurity.com.
Norton's bloodhound module is usually pretty good at detecting unknown viruses. At the very least, I'd hope that it is capable of preventing the application from being run.
And since I know everyone is already readying their "Ah ha! Windows sucks!" posts, remember that running unknown code is NOT a good idea on ANY operating system. The virus doesn't exploit any massive Windows bug. If everyone used Linux instead of Windows, then the virus writers would write viruses for Linux instead!
BTW: two fixes are already available for this virus:
Free, but worth thousands more: FreeBSD, Linux, and more...
Pricey, but worth every penny: Mac OS X
We have moved most of our lab machines from Windows to OS X in the past few months and the time I have spent having to patch, test patches, roll back updates due to problems with Windows has been reduced drastically. I can't mention how successful this migration/switch has been in terms of productivity gains, peace of mind, etc... With OS X, you plug stuff in and it works.
It's true that OS X costs more money than say Linux installed on our previous machines, but OS X is a true desktop OS that allows one to keep all of their UNIX apps as well as provides the slickest desktop OS around allowing for use of popular apps such as Office (yes, Microsoft Office for OS X is actually quite nice, so stop your whining), Photoshop, Filemaker etc... while allowing for our compute intensive work on scientific apps as well.
Visit Jonesblog and say hello.
...to spoof SMTP with. Or it takes addresses from infected users' address books and spoofs with those. There's no other explanation why someone I've never heard of got this email from what appeared to be my address. A Win32 worm is incapable of running on my hardware. PowerPC chips don't take too kindly to Intel machine code.
I mod down pyramid schemes in sigs.
The perl5-porters list has already been hit by this virus, resulting in 200+ messages being posted over a period of two to three hours yesterday. Additionally, it was reported on this list by Elizabeth Mattijsen here that the Gnome XML list has similarly been affected.
From the SearchSecurity article:
The worm is also called "Bagel" and "Beagle." The writer has included the word "beagle" throughout the code, but antivirus researchers have tweaked the name to avoid calling it what the writer presumably named it.
Why do the researchers avoid calling it what the author named it?
Granted, the 'bug' is in the user. However, Firebird/Thunderbird (for Windows) will not let you run executables directly from the client. They make you save to disk and run it your own damn self. 'Tis not a solution but the extra step would weed out the stupid AND lazy leaving just the plain stupid to propagate the virii. :)
LilMikey.com... I'll stop doing it when you sto