Posted: 27 January 2005 at 1:04pm | IP Logged
Two new versions of the Bagle e-mail worm are spreading on the Internet and through
peer-to-peer file-sharing networks, according to warnings issued on Thursday by
antivirus software companies.
< src="http://pagead2.googlesyndication.com/pagead/show_ads.js" ="text/">
The latest Bagle variants, Bagle.AX and Bagle.AY, are
the 50th and 51st versions of the original Bagle worm, which appeared in January
2004. Like the first Bagle, sometimes spelled "Beagle," versions AX and AY
spread in executable files and infect machines running Microsoft's (Profile, Products, Articles) Windows
operating system, antivirus companies said.
Users launch the worm and
infect their systems by opening an infected file in an e-mail message or a
shared folder on a p-to-p network, according to an alert from Symantec (Profile,
Once released, the worm modifies Windows so that the
worm file is launched whenever Windows starts. It also harvests e-mail addresses
from the infected computer's hard drives, then mails copies of itself out to
those addresses, faking the "from" address on e-mail messages it sends,
according to an advisory from F-Secure (Profile, Products, Articles) of
Copies of Bagle.AX and Bagle.AY arrive in messages with
subjects such as "Delivery service mail," "Registration is accepted" and "You
are made active," F-Secure said.
The virus file is disguised in files
with exe, scr, com and cpl extensions and names such as "Jol03," "upd02,"
"zupd02" and the like.
On computers that are running p-to-p file sharing
software, the virus copies itself into folders that begin with the letters
"shar," which could be file-sharing folders used to swap files on the networks.
The worm file is disguised as popular software or pornography, with names like
"Adobe Photoshop 9 full.exe," and "XXX hardcore images.exe."
companies issued updated virus definitions that enable their products to detect
the new versions of Bagle and advised customers to update their software as soon