- 19 January 2004 14:12
New Bagle-A Worm Arrives in Australia
19 January 2004.
Sophos, a world leader in protecting businesses against spam and viruses, is warning of a new worm called W32/Bagle-A, which has already been spotted at a number of sites in Australia. The worm arrives in an email with the subject "Hi", and contains a message which looks like this:
Attached to the email is a program file with a random name. This file has the icon of the Windows Calculator, and if you run it, the calculator will indeed pop up on your screen – after the worm has gone to work. The worm saves itself into your System folder under the name "bbeagle.exe".
"The Bagle worm disguises itself as a 'techie-looking' test email," warns Sean Richmond, Sophos's Support Manager for Australia and New Zealand.
"The attachment it carries looks like the Windows Calculator and appears to behave like the calculator – but it isn't. You should be wary of any programs delivered to you by email, even if they seem to come from someone you know. If you are an IT techie who likes to email programs around, you should get out of the habit, as it sets low standards for your users."
Sophos has published information about and protection against this worm: http://www.sophos.com.au/virusinfo/analyses/w32baglea.html
Sophos recommends the use of email gateway software such as Sophos MailMonitor and Sophos PureMessage, which can block all programs, whether infected or not, in order to enforce safe computing practices. Further guidelines for "safe hex" are available from Sophos: http://www.sophos.com.au/virusinfo/articles/safehex.html
FOR FURTHER INFORMATION: Sean Richmond (email@example.com) is available for comment: +61 2 9409 9161 (tel) +61 2 9409 9191 (fax)
Sophos's press contact at Gotley Nix Evans is: Michael Henderson (firstname.lastname@example.org) +61 2 9957 5555 (tel) +61 413 054 738 (mobile) +61 2 9957 5575 (fax)