A computer worm designed to expire within a week has caught the attention of computer experts who fear it may be a prototype for a much nastier specimen.
The worm – called Bagle A – spreads as an attachment to an email claiming to have come from a computer administrator. If a user executes the program a copy is sent to every address in their email contact book. The worm also installs a Trojan horse application which could be used to remotely control an infected PC.
Unusually, Bagle A is also programmed to stop working on 28 January. Experts worry that this may mean another variant could be released soon after. The Sobig family of worms, released between January and August 2003, were also all designed to stop working on a particular date.
On each occasion, a new variant was released shortly after the previous one expired. Experts believe the creators included this “best-by date” to clear the way for the testing of new functionalities and thereby develop the most effective worm possible.
Advertisement
“The worm does bear some similarities to the infamous SoBig worm,” says Paul Wood, Chief Information Security Analyst at anti-virus company MessageLabs. “Further analysis may confirm whether or not Bagle is the work of the same author.”
Anti-virus companies reported the worm spreading at an “alarming rate” late on Monday although its proliferation has since slowed. The UK-based email filtering company MessageLabs had seen 80,000 instances of the worm pass through its systems in 24 hours by 1200 GMT on Monday. Most corporate firewalls routinely block executable email attachments, so the worm is thought to have been spread by home users.
Graham Cluley, senior technology consultant with anti-virus company Sophos, says it is up to users to prevent Bagle A spreading.
“Computer users should be wary of any programs delivered by email even if they seem to come from a known contact,” he says. “If you email programs around, you should get out of this habit now, as it encourages bad security practice.”
