New Bagle email worm on a roll

Antivirus software companies are warning of a new computer virus that spreads using email messages and installs a Trojan horse program on machines it infects.

Antivirus software companies are warning of a new computer virus that spreads using email messages and installs a Trojan horse program on machines it infects.

The virus, named Bagle.B, is a new version of a similar email worm that appeared in January and is programmed to spread until February 25, 2004. Antivirus companies say that Bagle.B is spreading rapidly on the internet and advised customers to update their antivirus software to spot it.

Like its predecessor, Bagle.B arrives in email messages with randomly generated subject lines. The virus is stored in an email file attachment, also with a randomly generated name, said antivirus company F-Secure of Helsinki.

Email recipients who open the file attachment launch the virus, which collects email addresses from files on the infected machine's hard drive and forwards copies of itself to those addresses with a false address in the "From:" field, says antivirus company Sophos.

The worm also opens the Microsoft Windows Sound Recorder, which uses the file name "sndrec32.exe," Symantec says.

Users who launch the virus also install a Trojan horse program on their computer, which opens a back door that remote attackers can use to control or manipulate files on the infected system, Sophos says.

Email security company MessageLabs says it had intercepted more than 17,000 copies of Bagle.B worm as of 10am EDT on Tuesday (4am yesterday, NZ time). Some of those emails may have been part of a spam distribution of the worm, the company said.

Network Associates says its McAfee AVERT (Antivirus Emergency Response Team) was receiving around 20 or 30 copies of the new virus each hour.

Antivirus companies including Sophos and F-Secure posted software tools and advice on how to remove Bagle.B from infected computers Tuesday (US time).

Join the newsletter!

Error: Please check your email address.

Tags worm

More about F-SecureMcAfee AustraliaMessageLabsMicrosoftSophosSymantec

Show Comments
[]