New Bagle e-mail worm on a roll

Antivirus software companies are warning of a new computer virus that spreads using e-mail messages and installs a Trojan horse program on machines it infects.

The virus, named Bagle.B, is a new version of a similar e-mail worm that appeared in January and is programmed to spread until Feb. 25, 2004. Antivirus companies said Tuesday that Bagle.B is spreading rapidly on the Internet and advised customers to update their antivirus software to spot it.

Like its predecessor, Bagle.B arrives in e-mail messages with randomly generated subject lines. The virus is stored in an e-mail file attachment, also with a randomly generated name, said antivirus company F-Secure Corp. of Helsinki.

E-mail recipients who open the file attachment launch the virus, which collects e-mail addresses from files on the infected machine’s hard drive and forwards copies of itself to those addresses with a false address in the “From:” field, said antivirus company Sophos PLC.

The worm also opens the Microsoft Windows Sound Recorder, which uses the file name “sndrec32.exe,” Symantec Corp. said.

Users who launch the virus also install a Trojan horse program on their computer, which opens a back door that remote attackers can use to control or manipulate files on the infected system, Sophos said.

E-mail security company MessageLabs Ltd. said it had intercepted more than 17,000 copies of Bagle.B worm as of 10 AM EDT on Tuesday. Some of those e-mails may have been part of a spam distribution of the worm, the company said.

Network Associates Inc. said its McAfee AVERT (Antivirus Emergency Response Team) was receiving around 20 or 30 copies of the new virus each hour.

Antivirus companies including Sophos and F-Secure posted software tools and advice on how to remove Bagle.B from infected computers Tuesday.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now