New Bagle Worms Spread Source Code

“The Bagle author started strewing its source code the long, holiday weekend, a move that analysts say may mean a mean summer for computer users. Two new versions rolled out over the weekend — Bagle.ad and Bagle.ae — that are similar in form and function to earlier variants. What’s new is that some copies of the worm arrive with extra baggage: its source code, unencrypted. While the worm packs its own assembly language source code, it’s encrypted. But the worm may also carry an additional payload, an in-the-clear copy of the source code in a compressed file named ‘source.zip.’ Not every copy of Bagle comes with source code,’ said Joe Telafici, the director of operations for McAfee’s anti-virus research team. ‘A certain percentage does, however, so the author’s either setting up a smoke screen or dropping the source to give plenty of ‘script kiddies’ the chance to make changes.’