IDG News Service - Antivirus companies are warning of another virulent new version of the Bagle e-mail worm, dubbed Bagle.AG.
The new Bagle version was first detected Saturday and is very similar to earlier versions of the worm, which spread through shared file folders and in e-mail messages carrying the worm file as an attachment, according to advisories from Sophos PLC and McAfee Inc. McAfee rated the virus a "medium" threat, citing reports from several customers.
E-mail messages generated by the worm used forged (or "spoofed') sender addresses and vague subject lines such as "Re:," "fotogalary," "Lovely animals" and "Screen." Worm-infected file attachments might be in .zip, .exe, scr or other common formats and also have nonspecific names like "Moreinfo," "Details" or "Readme," antivirus companies said.
Infected file attachments use one of a short list of names including "Foto3," "Secret," "Doll" and "Cat."
The worm can also send copies of itself as a password-protected compressed file with a .zip extension. The password needed to access the .zip file is displayed in a bitmap image file that is embedded in the e-mail message's body, Sophos said.
In recent months, virus writers have used .zip archives and password-protected archives to hide their creations and fool antivirus software trained to look for particular virus signatures like a file size or name. The compressed files are used to shrink one or more larger files, often for transmission on disk or over the Internet. Recipients must decompress or "unzip" the attachments to view the worm file, which they must open to become infected.
When run, Bagle.AG harvests e-mail addresses from files stored on the infected computer's hard drive and installs its own Simple Mail Transfer Protocol engine, which is used to send out large volumes of infected e-mail messages from the machines.
Like earlier versions of Bagle, the AG variant also copies itself to Windows folders that could be used by file-sharing programs, using a long list of names to disguise the worm file on peer-to-peer file-sharing networks as popular downloads such as Adobe Systems Inc.'s Photoshop image editing program, the Matrix Revolutions film and pornography.
Antivirus companies issued virus definitions to detect the new Bagle version and recommended customers update their antivirus software.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
