
Newest Bagle On The Loose: Page 2 of 3

The Bagle tries to disable a number of anti-virus programs and personal firewalls and attempts to delete any copies of the rival Netsky worm it finds. Once in place, it listens on port 81 for incoming commands from its hacker master and tries to download a file from a long list of hacker or compromised sites. Such characteristics usually mean that the worm's author will try to load additional software onto infected PCs, such as Trojan horses or other backdoor components, so he can control the machine remotely and add it to his bot list of slave systems.

This version, however, also has some new tricks up its sleeve.

It can, for instance, modify itself before re-mailing to the next victim, a tactic used to throw off both users and anti-virus signatures. It searches for applications on a hard drive and "borrows" icons, which are then combined with some garbage data as a decoy.

This Bagle also tries to disable the Security Center service (named "wscsvc") in Windows XP Service Pack 2, Microsoft's newest operating system update. SP2's Security Center is a dashboard-like display that keeps track of the status of anti-virus and firewall defenses. If Bagle manages to shut down such protections on the compromised PC, for instance, and also disables the center, users won't be aware (or receive alerts) that there's anything amiss.
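The two host-level symptoms described above, a stopped Security Center service and an unexpected listener on port 81, can be checked from PowerShell. This is an added example, not code from the article or from any vendor; it assumes a modern Windows host with the NetTCPIP module (Get-NetTCPConnection) and that the port has not been changed.

```powershell
# Added defender check (not from the article). Assumes Get-NetTCPConnection is
# available (Windows 8 / Server 2012 and later); on older hosts use netstat -ano.
function Get-BagleHostIndicators {
    [CmdletBinding()]
    param(
        [int]$Port = 81   # listener port named in the article; assumed unchanged
    )

    # 1. Is the Security Center service (wscsvc) still present and running?
    $svc = Get-Service -Name 'wscsvc' -ErrorAction SilentlyContinue
    $scState = if ($null -eq $svc) { 'Missing' } else { $svc.Status.ToString() }

    # 2. Is anything listening on the backdoor port, and which process owns it?
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Pid          = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
                Path         = if ($proc) { $proc.Path } else { $null }
            }
        }

    # Either symptom alone warrants a closer look at the host.
    [pscustomobject]@{
        SecurityCenterState = $scState
        Port                = $Port
        Listeners           = @($listeners)
        Suspicious          = ($scState -ne 'Running') -or (@($listeners).Count -gt 0)
    }
}

# Run elevated so that process paths resolve for listeners owned by other users.
Get-BagleHostIndicators | Format-List
```

A listener on port 81 is not proof of infection (a web server may be bound there), so inspect the owning process path before acting.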

Even so, the new Bagle isn't reason for panic, said one analyst. "Although [it] appears to be spreading fairly rapidly, impacting both consumer and enterprise users, there's nothing to indicate that this threat is significantly different from previous variants," said Vincent Weafer, the senior director for Symantec's security response team.