IDG News Service - Antivirus software companies are again warning e-mail users about a new version of the widespread Bagel virus, which is spreading on the Internet through infected e-mail messages and targeting machines running the Windows operating system.
Bagle.U is the 21st version of an e-mail worm that first appeared in January. Unlike earlier versions of the worm, the new variant eschews tricky subject lines or enticing messages, hiding in a file attachment to otherwise blank e-mail messages. Once the attachment is opened, Bagle.U opens a back door to infected systems, mails copies of itself to e-mail addresses it steals from the user's computer and even launches the Windows Hearts card game, antivirus companies said.
Thousands of copies of the new Bagle variant were first spotted today, following what is believed to be an initial e-mail "seeding" of the virus, according to iDefense Inc., an IT security services company in Reston, Va.
Citing the number of infected e-mails, Network Associates Inc.'s Antivirus Emergency Response Team rated Bagle.U a "medium" threat. Antivirus company F-Secure Corp. in Helsinki, Finland, rated the latest version of Bagle a "Level 2" threat, indicating "large infections," F-Secure said.
As with earlier versions of the Bagle worm, the virus code is contained in an executable (.exe) format file with a randomly generated name. Users must double-click on the file to open it, and many organizations block e-mail containing executable files from reaching users' in-boxes.
Once launched, the Bagle worm installs itself on Windows systems, begins listening for instructions on communications Port 4751 and connects to a Web site in Germany to report the identity of the infected machine to the worm's author, F-Secure reported.
Bagle is one of a series of worm families that have been plaguing e-mail users in recent months. New versions of Bagle as well as Mydoom and Netsky have been surfacing on an almost daily basis since January, prompting a frenzy of activity among antivirus researchers who must identify and develop antidotes for each new variant.
Experts are at a loss to explain the recent proliferation of worms, though some have cited an apparent "war" between the authors of the Bagle and Netsky worms as the motivation for the release of many of the variants.
The latest is programmed to stop spreading on Jan. 1, 2005. However, at least one antivirus expert expects many new versions of Bagle to be released in the coming weeks.
"Bagle.U will not be the last Bagle worm we see. Get ready to relearn your ABCs as we head into theAA-AZ series of Bagle worms," said Ken Dunham, director of malicious code at iDefense, in an e-mail statement.
Multiple, contemporary variants of the same malicious code will help the latest worms succeed in the wild, Dunham said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
