New Bagle variant seen in the wild

After an initial outbreak of the virus, the infection seems to be slowing

Antivirus software companies late yesterday and early today began warning e-mail users that the persistent Bagle virus has re-emerged in a new version, Bagle.AF or Beagle.AB.

The virus comes in the form of a password-protected .zip file and has the password included in the message body as plain text or within an image. According to antivirus company F-Secure Corp. in Helsinki, Finland, Bagle.AF has functionality similar to that of Bagle.Z, indicating that the author of Bagle.AF had Bagle.Z's source code.

The first Bagle virus, which spread throughout the Internet via infected e-mail messages and by targeting machines running Microsoft Corp.'s Windows operating system, was discovered in January. Since then, it has continually been popping up with new variants and has been given a plethora of names by the various antivirus companies. In March, a variant -- which had three names: Bagle.U, W32/Bagle.n@MM and W32/Beagle.m@MM -- struck the Internet and foiled users with a small bitmap image to escape detection by antivirus programs.

F-Secure upgraded Bagle.AF to its "Radar Level 2" alert early this morning after receiving several samples of it from infected users in North America and Europe, according to Mikko Hypponen, director of antivirus research at F-Secure.

"The beginning of the outbreak looked pretty bad, as the initial burst of infections was big and worldwide," Hypponen said in an e-mail. "However, since then, the amount of infections has leveled out and we don't expect this to become any bigger problem. It seems that the virus was seeded much more aggressively than some of the other recent Bagle variants."

Trend Micro Inc. in Tokyo rated the risk from the Bagle variant as "medium," though it said the damage and distribution potentials of the virus are high. McAfee Inc. in Santa Clara, Calif., raised its risk assessment to "medium-on-watch" and warned that it had the potential of being upgraded to a high-risk threat. As of late yesterday, McAfee had received more than 100 reports of the virus, most of them from the U.S.

Symantec Corp. upgraded its warning on what it is calling W32.Beagle.AB@mm to a "Level 3" after it received 66 submissions of infections from customers, 17 of those being from corporate customers.