More Worms Inch Across the Internet
New versions of the Bagle and MyDoom worms surfaced on the Internet this week, and appear to be spreading.
Bagle.AI and MyDoom.N are both so-called "mass mailing" worms that use a built-in SMTP engine that sends e-mail messages carrying worm-infected file attachments from computer to computer on the Internet, both using faked (or "spoofed") sender addresses, antivirus companies say.
The new worm variants are just the latest in a string of virus releases in recent days that have antivirus software companies scrambling to keep their customers protected.
W32.Bagle.AI first appeared Monday and is rated a "medium" threat by McAfee's Antivirus Research Team, citing reports of the virus from customers. McAfee rates MyDoom.N a "low" threat, whereas Computer Associates International notes the prevalence and destructiveness of the worm.
Similar to earlier versions of Bagle, the AI variant spreads through shared file folders and in e-mail messages carrying the worm file as an attachment, according to advisories from Sophos and McAfee.
E-mail messages generated by the worm used forged (or "spoofed") sender addresses and the subject line "Re:" Worm-infected file attachments might be in .zip, .exe, .scr, .com, or .cpl and also have nonspecific names like "Moreinfo," "Details," or "Readme," antivirus companies say.
Infected file attachments use one of a short list of names including "MP3," "Doll," and "Cat."
The worm can also send copies of itself as a password-protected compressed file with a .zip extension. The password needed to unzip the .zip file is contained in a second file with a .txt, .ini, .doc, or other extensions, McAfee says.
The MyDoom.N worm uses spoofed sender addresses such as "postmaster," "Post Office," and "MAILER-DAEMON" that make the e-mail resemble a rejected message.
MyDoom.N messages also have nondescript Subject lines such as "hello," "hi," and "delivery failed." Virus file attachments have names like "readme," "mail," "text," and "attachment." File extensions include .cmd, .bat, .com, .exe, and .zip, McAfee says.
Antivirus companies issued updated virus definitions that can detect the new Bagle and MyDoom variants and recommended that customers update their antivirus software.