Bagle Worm Back With A Vengeance

Just as security experts were beginning to see threats from known Bagle variants Bagle.af and Bagle.ab fizzle out, two new variants, Bagle.ah and Bagle.ag, appeared, each more destructive than their predecessors.

Both Bagle.ah and Bagle.ag rate as severe threats, but only Bagle.ah appears to be spreading quickly, according to security firm Panda Software, Glendale, Calif.

First detected Monday, Bagle.ah threatens the Windows XP, 2000, NT, ME, 98 and 95 operating systems.

Bagle.ah "opens a port and waits for remote connections, ends processes belonging to antivirus programs and firewalls, and connects to Web pages that contain PHP scripts," Panda security experts explained in an alert. "By doing so, it allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work."

Bagle.ah spreads via an array of different e-mail messages, as well as through peer-to-peer file sharing programs. It is difficult to recognize because it does not display a message or warning that would indicate it has infected a computer, according to Panda.

Bagle.ag attacks and exploits computers in a similar fashion to Bagle.ah. However, Bagle.ag only infects systems running the Windows XP, 2000 or NT operating systems, according to Panda.

More information on both worms, including remediation procedures, can be found at Panda Software's Web site.