Mytob, Bagle Variants on the Prowl

Kimberly Hill,
Wed Jun 1, 1:17 PM ET

Security firms are reporting a jump in the number of variants of the Mytob and Bagle e-mail viruses.

Mytob uses its own e-mail engine to mail itself to addresses in the contact list of infected computers. Bagle downloads Trojan code from a variety of Web sites and then uses that code to gather e-mail addresses from infected computers.

Fortunately, neither virus is particularly damaging.

New and Old

When new versions of viruses appear, said Thomas Kristensen, CTO of security firm Secunia, they often contain enough code from the previous versions that anti-virus software is able to detect them even if its virus definition tables have not been updated.

Such is the case with Bagle. Its new iterations appear to be encountering significant resistance from anti-virus software already in place on networks and individual computers. Bagle currently has about 70 variants and has been circulating on the Internet since January of 2004.

The new variants of Mytob, however, seem to be more successful. "Some of the variants have been able to escape previous patterns," Kristensen said, allowing them to spread more quickly than the new Bagle variants.

Usual Tricks

Both viruses depend on users doing what security experts have for years been warning them not to do: clicking on e-mail attachments, which delivers the payload for both viruses. "These are fairly normal virus outbreaks," said Kristensen.

"Social engineering" is the term experts use for the way writers of malicious code trick users into launching viruses delivered via e-mail. In the case of one of the new Bagle variants, the infected e-mails have no subject line and no message text. An attached ZIP file retrieves the Trojan code when opened.
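The lure described above (no subject, no message text, a lone ZIP attachment) is the kind of pattern a mail gateway can flag before a user ever sees the attachment. The following is an added example, not code from the article or from any security vendor it quotes: it parses raw RFC 822 messages with Python's standard `email` package and marks a message when all three characteristics are present. The three sample messages are constructed for the example; the attachment bytes are a placeholder, not real malware.

```python
import email
from email import policy
from email.message import EmailMessage


def has_zip_attachment(msg: EmailMessage) -> bool:
    """True if any attachment carries a .zip filename."""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            return True
    return False


def text_body_is_empty(msg: EmailMessage) -> bool:
    """True if the message has no readable text body (plain or HTML)."""
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None:
        return True
    return body.get_content().strip() == ""


def looks_like_bagle_lure(raw_message: str) -> bool:
    """Flag a message that matches the lure pattern the article describes:
    empty subject, empty body and a ZIP attachment. This is one heuristic
    signal for a filter, not a verdict on its own."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    return subject == "" and text_body_is_empty(msg) and has_zip_attachment(msg)


def build_sample(subject, text, attachment_name):
    """Construct a sample message for the demonstration (constructed data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    if subject is not None:
        msg["Subject"] = subject
    msg.set_content(text)
    if attachment_name:
        # Placeholder bytes standing in for an archive; not a real ZIP payload.
        msg.add_attachment(b"PK\x03\x04placeholder", maintype="application",
                           subtype="zip", filename=attachment_name)
    return msg.as_string()


# Constructed samples: one matching the lure, two benign look-alikes.
SAMPLE_MESSAGES = {
    "bagle_like": build_sample(None, "", "photos.zip"),
    "normal_report": build_sample("Q2 report", "Attached is the report.", "report.zip"),
    "empty_no_attachment": build_sample(None, "", None),
}


def scan_samples() -> dict:
    """Run the heuristic over every constructed sample."""
    return {name: looks_like_bagle_lure(raw) for name, raw in SAMPLE_MESSAGES.items()}


if __name__ == "__main__":
    for name, flagged in scan_samples().items():
        print(f"{name}: {'FLAGGED' if flagged else 'ok'}")
```

Only the first sample trips the rule; a normal message with a subject and text, or an empty message with no attachment, passes. In practice this check would sit beside attachment scanning and reputation checks, since a lure with a plausible subject line would not match it.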

Copyright © 2005 NewsFactor Network, Inc.