Bagle/Beagle Variant Includes Source Code

NASAdude writes "Sunday brought a lot of fireworks... and the release of two new Bagle/Beagle variants. One of the variants includes a copy of its source code as an attachment as it spreads via email. It is expected the inclusion of the source will result in numerous variants. It's been dubbed Beagle.Y and Beagle.Z by Symantec and Bagle.ad and Bagle.ae by McAfee. ZDNet ran a story that covers these new variants."

CVS

[BenBenBen]

beagle.sourceforge.net doesn't have it :(

Re:CVS

[dave_mcmillen]

Laugh if you will, but I for one applaud this new era of open source viruses . . . Wait . . . Oops, my "open source = good" reflex was triggered before my brain had a chance to think about it.

Re:CVS

[dasmegabyte]

Brings new meaning to the term "viral licensing."

*b'dum-chik*

Title

[Sepper]

Reading title fast, I thought that NASA had released some source code... *sigh*

Re:Title

[rjw57]

You mean the UK Universities which made Beagle2 ?

Not everything space-related is NASA you insensitive clod! :)

Re:Title

[akadruid]

Not everything space-related is NASA you insensitive clod! :)
You can tell NASA's attempts from UK Universities with this simple test.
Did space object in question:
a. Crash and burn due to problems with the metric system or
b. Vanish without trace

If a then object is of NASA origin, if b, then non-NASA.
Hope this helps clear up any confusion.

Pretty please

Can someone please make a variant that makes users regret not patching their systems? Like, overwrite the BIOS, turn ones into twos in all spreadsheet documents, delete all JPGs, MP3s and AVIs, send a resignation to boss@yourdomain.com and a log of your online banking transactions to the FCC, donate 10 bucks each to the KKK and THEN put up a screen which lists all that.

Re:Pretty please

[ObsessiveMathsFreak]

A much better solution would be to turn the computer into a spam zombie that only spams itself. After a few thousand spam messages from themselves cloud their inbox, they might actually realise, "Oh, This IS annoying!"

Re:Pretty please

[JosKarith]

Nope. The best idea would be to search for .mp3's, or .jpg's that have a lot of "flesh tones" and corrupt them.
After all, killing someone's OS is annoying, but deleting someone's pr0n collection is tantamount to declaration of war.
Either that or randomly e-mail samples from said collection out as well as copies of itself with a header "Do you know what has hidden on his computer?"
I really shouldn't be giving people ideas should I...

Re:Pretty please

[anon*127.0.0.1]

Oddly enough, had something like that happen to one of our agents. He called in to complain that he couldn't get any work done. Every few seconds, his PC would pop up a little window saying "Scanning outgoing EMail" and lock up for a moment. Then the window would disappear and everything would be back to normal. Until the window reappeared.

Turned out he'd picked up a mass mailing virus. He had Norton AV installed, but hadn't wanted to pay to keep his virus defs updated. Norton was scanning every outgoing EMail, but didn't see anyting it recognized and let them all pass through.

I told the guy he'd have to pay to update his virus defs in order to fix the thing. Actually, Norton offers a free remover for that particular virus, but I didn't want the guy calling me back in another two weeks with a different virus.

How long...

[rjw57]

How long until SCO sues Bagle's author for copyright infringement....

Shared source

[Snaapy]

Funny.

If you try to google Bagle assembler "source code"

you'll get

Microsoft shares source code with students - ZDNet UK News

Re:ouch

[DrEldarion]

It's okay, the source code is in assembler, so all the script kiddies will just look at it in confusion like it's some strange alien language.

Re:Scripting exploit

[I+confirm+I'm+not+a]

VBscript or WSH which is inherently Open Source on Windows?

<nitpick>Open-source is a type of licensing; VBScript is a language, and WSH a technology, not licensing regimes. Typically the source-code for a VBScript app is distributed with the application, but not necessarily - it might be obfuscated - but might well be subject to proprietary licensing restrictions.

Just because you can see the source code doesn't make it open source. Open source implies certain freedoms that are additional to being able to see the code: the right to modify and redistribute the code, for example.

</nitpick>

That's to make prosecution more difficult

[Advocadus+Diaboli]

So far you could spot a viurs author by the "evidence" that he had the source code of the virus on his PC. Now everybody has the source. I guess we need bigger jails soon.

Re:ouch

[mpost4]

Read teh artical, it says it is commented to help people understand what is going on aka think of this

(example given in MIPS since it is the only assembler I know)

li $24 1025 # this line loads into the register 24
## the port to be explorted (in this case port 1025)

well think about this the kiddy scripter does not need to know that li is load imedate but all he needs to know is 24 is the register, do not touch, and 1025 is the port, change to a new port to try.

Re:ouch

[EvilCowzGoMoo]

Speaking from expierence, once source code is released there realy is no limit to how many varients we can expect.

Bots in particular have sky rocketed. In the last few months alone we have seen names jump from two letter varients (bot.ay) up to 4! (bot. wrzq) Do the math, its an insane number.

One of the major contributing factors are virus generators! Yes there are programs out there that will write the bot for you!

On the other hand, because they are all variants of the same family, they are fairly easy to keep the AV software up to date to catch even the latest variants early.

Seen it...

[lachlan76]

Seem Familiar?

In all seriousness, having the source code can't be a bad thing, since this way, it'll be easier to stop if we understand how it works.

And at least if we all get a virus, there is a good programmer behind it, and it's less likely to crash on all of us.

Normally I'd consider virus writers the scum of the earth, but this one is talented enough to be a professional hacker, from my limited experience with assembly language (512 byte boot sector on a FD). Not that I endorse email worms, but this guy has talent.

The real question is...

[atomic-penguin]

What license is it released under?

Something I shoulda Done

[PakProtector]

This just brings to mind an idea I've had for a long time now. And it's in no way an unique idea, I know that for a fact.

So here's the idea: Write a variant of one of these viruses. And he's what it does. When it infects a machine, it sends out copies of itself to every person in the address book. After that, it forces the machine to download some sort of Anti-Virus software. PC-Cillin or NOD32 are favorites of mine. It installs them, then forces a Windows Update.

Sounds good, right? But read on. My second idea is better.

Here it is:
Viral Anti-Virus Software.
Most virus recognition is based on Pattern Recognition, from what I have garnered from my research. Create a virus that spreads like wildfire -- kind of like Melissa and Code Red spread all crazy-fast -- except this little bit of code contains Virus Recognition software in it. It invades unprotected boxen and then starts a continuous scan for Viruses.

You know how most people click 'Yes!' to anything that pops up, a la Gator?

Have this little golden nugget of Illegal Do-Gooding pop up a small dialog saying, "File.Extention is infected with a virus (XX% Probability). Do you wish to delete? Y/N?"

And just to hold with custom:
Step One: Create Virus.
Step Two: JAIL!
Step Three: PROFIT!

Re:Something I shoulda Done

There have been several "anti-virus viruses" that didn't quite work, and ended up being a major pain to deal with.

Re:what about...

Tried to run it once, and it crashed.

this is not news

[ajs318]

All it means is that there are still clueless people using computers. I already know that. Sometimes I think it's a damn shame viruses can't do the kind of real, permanent damage that shocks a clue into people -- if there is such a thing. For once I'm actually wishing for a SCO story.

Please, please, please, I know I'm preaching to the choir here, but please, for crying out loud, please if anyone ever asks you about buying a new computer, just point them towards the nearest Apple authorised reseller. If they complain about the price, point out that the inherent usability and security designed into Mac OS X from the ground up will more than pay for itself in terms of not cursing and screaming at the damn thing every time you boot it up. If that doesn't work, mention that Macs are prettier. If that still doesn't work, give them six months tops before you're saying "I told you so".

Windows may be popular but that doesn't make it any good.

Another one bites the dust...

[mindmaster064]

I'm so glad my entire network is running Linux. :) I swear there is some major virus every goddamn week. Linux has it's own problems, but I am glad I can do something about them. I wonder how long it will take for businesses to realize that running around chasing exploits and viruses isn't a good way to make use of your technical support staff time.

-Mind

Re:Another excuse for MS?

Check the EULA that comes with the virus, it's Shared Source, not Open Source!

Re:Scripting exploit

[johannesg]

Don't you suppose the right to redistribute is granted pretty much automatically for a virus?

Didn't Linus predict this?

[Minwee]

"Only wimps use tape backup. Real men just include their important stuff in a Windows worm and let the rest of the world mirror it."

Re:ouch

[Rithiur]

And in the other news today, new variant of the Beagle virus, Beagle.goatse, opens a easily abusable back door in your system. However, so far it seems that hackers have been unwilling to use this hole to breach into our computer.

Could someone mail me a copy?

[alteridem]

Oh wait, there are a dozen in my inbox already. God you guys are quick, thanks ;)

Re:CVS w

[SuneSpeg]

Actually.. i know its been tried before, i think it was code red/nimda ?, where someone made a patch spreading in same manner, but instead it patched the systems.

About time to try that concept again ?
I know its gonna generate some traffic, but 1 new variant amongst 50+ new others isnt much.

Consider pro/cons

+ you could patch most of the vulnerable systems by including the official M$ patch
+ inform the user that the pc is victim of a virus and lead him/her to a virusscan.
+ remove the original virus, or some of the variants.
+ save bandwidth/spam for each pc fixed [1]

-generate more traffic [1] nothing compared to the current amount of net traffic and spam it generates.
-would be illegal

Worth to consider imho, if you write it properly and not suffer from same flaws as the codered one did. Im sure you could do far more good than harm .

beagle.sourceforge.net might not be the proper place for it though :)

Re:Scripting exploit

[martinthebrit]

Ah Ha. I see the music industry's latest ploy

1. Write self-spreading virus
2. Distribute virus with standard copyright agreement and code
3. ???
4. Sue infected users for copyright infringement and profit!!!

Re:CVS w

[mwood]

*sigh* Please don't release another anti-virus-virus. The last one was at least as much a pain as the one it was supposed to cure.

Re:Don't worry

[johnkoer]

If it's encrypted, how did they find out it's source code? They must have already cracked it.

And the author has already filed his DMCA suit against them for cracking his encryption.

Re:ouch

[JAD+lifter]

Does it also point out where to get an assembler? I suspect that'll be a barrier of entry for a lot of kiddies.

I cannot tell if you are being sarcastic or serious so I will assume that you are serious.
Just about every skript kiddiot out there has a copy of MASM, TASM and/or NASM on his machine. If you do not believe me then you are underestimating the average skript kiddy. Go hang out in some script kiddy message boards or especially IRC and you will see that they may be obnoxious little scum but they are not quite as naive and incompetant as you make them out to be.