Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bagle/Beagle Variant Includes Source Code

Posted by timothy on from the let's-call-it-shared-source dept.

NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants. It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee. ZDNet ran a story that covers these new variants."

14 of 219 comments (clear)

  1. Scripting exploit by News+for+nerds · · Score: 1, Interesting

    I haven't RTFA, but is it rare that you see exploit code in VBscript or WSH which is inherently Open Source on Windows?

  2. Re:Pretty please by ObsessiveMathsFreak · · Score: 5, Interesting

    A much better solution would be to turn the computer into a spam zombie that only spams itself. After a few thousand spam messages from themselves cloud their inbox, they might actually realise, "Oh, This IS annoying!"

    --
    May the Maths Be with you!
  3. Re:ouch by EvilCowzGoMoo · · Score: 3, Interesting
    Speaking from expierence, once source code is released there realy is no limit to how many varients we can expect.


    Bots in particular have sky rocketed. In the last few months alone we have seen names jump from two letter varients (bot.ay) up to 4! (bot. wrzq) Do the math, its an insane number.


    One of the major contributing factors are virus generators! Yes there are programs out there that will write the bot for you!


    On the other hand, because they are all variants of the same family, they are fairly easy to keep the AV software up to date to catch even the latest variants early.

  4. Seen it... by lachlan76 · · Score: 4, Interesting

    Seem Familiar?

    In all seriousness, having the source code can't be a bad thing, since this way, it'll be easier to stop if we understand how it works.

    And at least if we all get a virus, there is a good programmer behind it, and it's less likely to crash on all of us.

    Normally I'd consider virus writers the scum of the earth, but this one is talented enough to be a professional hacker, from my limited experience with assembly language (512 byte boot sector on a FD). Not that I endorse email worms, but this guy has talent.

    1. Re:Seen it... by ScouseMouse · · Score: 2, Interesting

      Its social conditioning.

      Most people tend to think that only other blokes are so pathetic as to sit in front of a computer all day and write viruses. Girls obviously all have a life, and have better things to do.

      To be fair, this does seem to backed up by the FBI's arrest record.

      Of course it could just be because the girls are smarter and dont get caught.

    2. Re:Seen it... by lachlan76 · · Score: 2, Interesting

      I'm not an AV person, nor do a have a copy of Beagle, but if the source code is not encrypted, then you have an easy target to look for.

      And besides, it gives the new people something to practice with ("Here's a copy of Bagle, explain how it works, and find a way of detecting it.").

  5. Something I shoulda Done by PakProtector · · Score: 5, Interesting

    This just brings to mind an idea I've had for a long time now. And it's in no way an unique idea, I know that for a fact.

    So here's the idea: Write a variant of one of these viruses. And he's what it does. When it infects a machine, it sends out copies of itself to every person in the address book. After that, it forces the machine to download some sort of Anti-Virus software. PC-Cillin or NOD32 are favorites of mine. It installs them, then forces a Windows Update.

    Sounds good, right? But read on. My second idea is better.

    Here it is:
    Viral Anti-Virus Software.
    Most virus recognition is based on Pattern Recognition, from what I have garnered from my research. Create a virus that spreads like wildfire -- kind of like Melissa and Code Red spread all crazy-fast -- except this little bit of code contains Virus Recognition software in it. It invades unprotected boxen and then starts a continuous scan for Viruses.

    You know how most people click 'Yes!' to anything that pops up, a la Gator?

    Have this little golden nugget of Illegal Do-Gooding pop up a small dialog saying, "File.Extention is infected with a virus (XX% Probability). Do you wish to delete? Y/N?"

    And just to hold with custom:
    Step One: Create Virus.
    Step Two: JAIL!
    Step Three: PROFIT!

    --

    Edward@Tomato - /home/Edward/ man woman
    man: no entry for woman in the manual.
    "Qua!?"

  6. Re:Source by Technician · · Score: 2, Interesting

    Where is the source?

    I don't know, but the Department of Homeland Security, the FBI, and the CIA are looking for them also.

    --
    The truth shall set you free!
  7. Re:CVS w by SuneSpeg · · Score: 4, Interesting

    Actually.. i know its been tried before, i think it was code red/nimda ?, where someone made a patch spreading in same manner, but instead it patched the systems.

    About time to try that concept again ?
    I know its gonna generate some traffic, but 1 new variant amongst 50+ new others isnt much.

    Consider pro/cons

    + you could patch most of the vulnerable systems by including the official M$ patch
    + inform the user that the pc is victim of a virus and lead him/her to a virusscan.
    + remove the original virus, or some of the variants.
    + save bandwidth/spam for each pc fixed [1]

    -generate more traffic [1] nothing compared to the current amount of net traffic and spam it generates.
    -would be illegal

    Worth to consider imho, if you write it properly and not suffer from same flaws as the codered one did. Im sure you could do far more good than harm .

    beagle.sourceforge.net might not be the proper place for it though :)

  8. Whats the motive by nmk · · Score: 2, Interesting

    I have often heard people say that Linux and OS X are more secure due to obscurity. I was just wodering if one can, perhaps, look at the situation from a different perspective. Geeks have hated MS for a long time, and they are the ones who have the technical skills to exploit Windows vulneribilities. The internet has finally given them a way to attack MS with their limited resources.

    One is often made to believe that Windows viruses and trojans are primarily the work of scrip kiddies and that windows is simply targetted becuase it is the dominant platform. Is it possible that we are seeing the beginning of something more incideous than this. Perhaps a large percentage of these attacks are the work of people who simply want to hard Windows public image.

    I know some of this may sound obvious (a "no shit sherlock" situation). However, I have never really seen the problem discussed from this perspective. I know that most responsible Geeks on this forum condemn computer viruses. However, there are a lot of pissed off people out there and this is the easiest way to hit MS. It just takes a bit of decent code (in the evil sense) and you can cause the loss of countless millions to the customers of MS.

    I think that if this is the case, then Windows will eventually fall. Nobody will be able to create an OS that can withstand the combined wrath of the world Geeks. Just food for thought.

  9. Re:Pretty please by drinkypoo · · Score: 2, Interesting

    That outlook worm a while back did mail random samples from someone's document collection out. As the ratio of pornography to other documents on the system rose, the likelihood of the system sending out one's porn increases, so it should be a self-controlling system...

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  10. Re:CVS w by SuneSpeg · · Score: 2, Interesting

    Indeed it was, but it sure also had some flaws. Learning by the mistakes of it, and write a smarter anti-virus-virus, im sure you could generally benefit from it. Personally i prefer to see a little log entry in my firewall, than 500 pieces of spam in my inbox. No doubt its an unusual approach, but what other (working) methods do you suggest to wipe out 50 new variants ?

  11. I'm surprised . . . by WhiteWolf666 · · Score: 2, Interesting

    that the killer worm hasn't come yet.

    Seriously.

    Not that I'm looking forward to that day, as it means that I'll spend a WHOLE lot of time fixing other people's computers :( :( :( :( :(

    But all the 'I Told You Sos' might be worth it.

    Given that these worms are getting to be pretty sophisticated in how they spread (IIS server exploit ->IE activeX exploit), and given that although MS does a 90% good job in patching them, the poor rate of patch (what? patch my computer? but it works fine), and total reluctance to switch to non-MS products (The VP of our company refused to switch from MS, even after the CERT warning. "Why would I want Mozilla or something? MS just released a patch for that problem you are talking about"), I'm STUNNED that someone hasn't gone nuts, and torched the Windows World(TM).

    No terrorist group, no crazy psychotic hackers, no insane foreign governments.

    No Russian organized crime group holding a corporation hostage.

    Nothing. Nada. Zilch.

    Strange.

    I still think its coming. Perhaps I'm just a pessismist, but I think that 'cyberwar' may still be on our horizon, and even if you, Ms. Super-Smart-Geek is able to protect your system, 90% of the windows world will not be able to.

    And instead of spam, we'll see permanent bios corruption, or something else, that will simply f*ck their computers.

    I'm scared of it, anyways. I only hope that it happens far enough in the future that I can earnestly say, "I can't fix that, I using Windows back in the 2000-era, I don't know anything about your XP-SE, your Longhorn, etc. . . "

    I spend too much of my time on service calls as it is, for my parents, for my officemates, for my relatives, and for my friends.

    I try to 'train' them on how to manage a system properly, but its honestly hopeless.

    I'm pretty savy, but back in the day when I ran them, my Windows systems STILL got screwed up sometimes (not often, but occasionally).

    I can totally understand (but not sympathize) when my sister comes back to me and her laptop has got a bazillion pop-up-ware things installed.

    I'll feel bad for her when/if her laptop gets trashed by a virus, but.... I told her to get a mac.....

    Oh well, ce la vie.

    I'll live through the storm, anyways, and so will my backups of the company data.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  12. Re:CVS w by einhverfr · · Score: 2, Interesting

    *sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.

    Also many of the mass mailers do stop and try to disarm other mass mailers. This is not uncommon becuase it prevents the virus from being detected if someone doesn't update their AV until they find one that is old enough to be in the signature files.

    Such an Anti-virus-virus, would just be another of these viruses. No more or less.

    --

    LedgerSMB: Open source Accounting/ERP