[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 18 February, 2004, 16:56 GMT
'Gamer's virus' aims to hit users
Screengrab of Ultima Online, EA
Bagle.B might have been written by a gamer
A miserable month for Microsoft is continuing with warnings about yet another Windows worm.

Anti-virus companies have issued alerts about Bagle.B that is starting to appear in large numbers.

Like many other recent viruses it harvests addresses from the popular Outlook e-mail program and sends messages using its own e-mail engine.

Bagle.B also installs a backdoor in infected machines that could give some remote control over compromised PCs.

New virus, old tricks

Bagle.B is a variant of the original Bagle that was circulating in January this year.

The original Bagle posed as a calculator and tricked people into opening it.

Like its predecessor, and many other recent viruses, Bagle.B is triggered when a user opens the attachment on the e-mail bearing the malicious code.

As well as plundering e-mail address books, the virus also opens up a backdoor to give the virus' creator access to infected machines.

From: (spoofed address)
Subject: ID (random characters)... thanks
Message: Yours ID (random characters)--Thank
Attachment: (random file name).exe
Any computer falling victim to the virus also reports its infection to a series of compromised websites, most of which are based in Germany.

Anti-virus firms speculate that the creator of the virus is a keen gamer as the malicious program uses settings associated with Ultima Online. Also one of the sites that infected machines report to is all about computer games.

The virus is programmed to stop sending out e-mail after 25 February.

It is then expected to move into its second mode in which infected machines will be used as relays for spammers.

Efforts to combat spam mean that anyone wanting to send large amounts of e-mail must find an innocent machine to do it for them.

Since it was first seen on 17 February mail filtering firm MessageLabs has stopped more than 95,000 copies of the virus and infections have been seen in 66 countries.

It can infect machines running Windows 95, 98, ME, NT, 2000 and XP. The virus is known as Bagle.B as well as Alua@mm and Tanx-A.

Despite the sudden growth in Bagle.B numbers MessageLabs is still catching more copies of the Mydoom.A even though that virus was supposed to stop sending out infected e-mail messages on 12 February.

Security firms do not expect Bagle.B to become as widespread as Mydoom and urge people to update anti-virus software to ensure they are not caught out by the bug.

Mydoom mutants mount new attacks
10 Feb 04  |  Technology
'Protect PCs' Microsoft users told
11 Feb 04  |  Technology
Microsoft dodges Mydoom onslaught
03 Feb 04  |  Technology
Mydoom virus starts to fizzle out
04 Feb 04  |  Technology
Bounty on creators of e-mail worm
28 Jan 04  |  Technology
Q&A: The Mydoom virus
29 Jan 04  |  Technology
Bagle virus hides as calculator
19 Jan 04  |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific