Bagle E-Mail Worm Spreads
Antivirus software companies are warning of a new computer virus that spreads using e-mail messages and installs a Trojan horse program on machines it infects.
The virus, named Bagle.B, is a new version of a similar e-mail worm that appeared in January and is programmed to spread until February 25, 2004. Antivirus companies say that Bagle.B is spreading rapidly on the Internet and are advising customers to update their antivirus software to spot it.
Like its predecessor, Bagle.B arrives in e-mail messages with randomly generated subject lines. The virus is stored in an e-mail file attachment, also with a randomly generated name, says antivirus company F-Secure of Helsinki.
E-mail recipients who open the file attachment launch the virus, which collects e-mail addresses from files on the infected machine's hard drive and forwards copies of itself to those addresses with a false address in the "From:" field, says antivirus company Sophos.
The worm also opens the Microsoft Windows Sound Recorder, which uses the file name "sndrec32.exe," Symantec says.
Back Door Access
Users who launch the virus also install a Trojan horse program on their computer, which opens a back door that remote attackers can use to control or manipulate files on the infected system, Sophos says.
E-mail security company MessageLabs says it had intercepted more than 17,000 copies of Bagle.B worm by 10 AM EDT on Tuesday. Some of those e-mails may have been part of a spam distribution of the worm, the company says.
Network Associates says its McAfee AVERT (Antivirus Emergency Response Team) was receiving around 20 or 30 copies of the new virus each hour.
Antivirus companies including Sophos and F-Secure posted software tools and advice on how to remove Bagle.B from infected computers Tuesday.