Sophos researchers have revealed that a newly discovered version
of the Bagle worm (W32/Bagle-K), which is
spreading in the wild, masquerades as a seemingly legitimate email
from your business's IT department.
Emails sent by the worm use a variety of different phrases in
their subject line, and message body, to suggest to users that a
problem has been found with their email account. Users are advised
to click on the attached file (which can have a number of different
combinations) for further information. In a crafty twist to give
the message more credibility, references are made to the company's
domain name to suggest the email has come from the business's
internal IT department.
As an example, here is how the worm could appear if your
company's domain name was XYZCORP.COM:
An example of the kind of email which can be
sent by the Bagle-K worm
"By using a variety of disguises the Bagle-K worm attempts to
lure unwary staff into double-clicking on the attachment," said
Graham Cluley, senior technology consultant for Sophos. "This is a
real headache for IT departments who often struggle to get their
users to follow instructions. In this case, following the advice of
the email would be a very bad idea."
Sophos recommends companies automatically update their corporate virus
protection, and filter attachments which may contain malicious code
at the email gateway. Sophos
PureMessage is capable of quarantining password-encrypted ZIP
files at the email gateway, as well as providing comprehensive
protection against viruses and spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.