Sophos, a world leader in protecting businesses against viruses
and spam, is warning computer users about the latest variant of the
Bagle worm - Bagle-U (W32/Bagle-U). First seen
in the early hours of today, the mass-mailer is spreading steadily
across the globe.
Bagle-U has no subject line or message body, and the infected
attachment has a randomly generated name. In an interesting twist,
when the attachment is launched, the worm opens Microsoft's Hearts
game on the infected PC. The worm also searches the computer's hard
disk and sends itself to email addresses it finds. Able to open a
backdoor onto infected computers, Bagle-U allows unauthorised
remote users, such as hackers, to gain access. This backdoor might
also be used to update the worm.
"The Bagle variants just keep on coming," said Carole Theriault,
security consultant at Sophos. "By opening a backdoor, this latest
version compromises an infected user's confidentiality, while
potentially turning the computer into a zombie for hackers to
Continuing the theme of viruses with multiple variants, Netsky-P
first seen on 22 March 2004 is still spreading widely. The worm
speads via email and shared folders, and with a trigger date of 24
March 2004, has begun to mass mail itself to harvested email
"Although the Netsky-Bagle battle for
supremacy seen early this month has died down, Netsky-P seems to be
continuing the fight, with attempts to disable variants of the
Bagle worm," continued Theriault.
Sophos recommends companies protect their email with a
consolidated solution to thwart the threats of spam and viruses as
well as secure their desktop and servers with automatically updated
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.