Bagle and MyDoom worms gain new family members, Sophos comments

July 22, 2004 Sophos Press Release

Two new worm variants, W32/Bagle-AI and W32/MyDoom-N, were released in the wild earlier this week, infecting Windows computers around the world at a steady pace. The release of these new worms ensures that these virus families continue to snag new victims with each new variant. Sophos issued protection in the early hours of Tuesday morning.

Bagle-AI is an email-aware worm which forges sender addresses to confuse recipients about the worm's origin. Its subject lines and message bodies give the impression that the attachment contains pictures, music or information about certain animals, which may suggest that the authors are targeting younger, less security-conscious computer users. This variant of Bagle can sometimes arrive inside a password-protected zip file, where the required password is in the body text, increasing the perception that the email is legitimate.

MyDoom-N, also email-aware, attempts to fool recipients into thinking the message is an automated mail delivery communication. It opens a backdoor onto the infected machine, allowing unauthorised users to access the computer remotely without the user's knowledge. Backdoors can be used by spammers, turning the infected machine into a spam generator, or by hackers intent on stealing sensitive or financial information about the user.

"With new variants of the Bagle and MyDoom families steadily emerging and infecting computers around the globe, it's vital that businesses keep their anti-virus software updated," said Sean Richmond, Manager, Technical Support, Sophos Australia and New Zealand. "Unlike humans, anti-virus software is not fooled by social engineering tricks such as duping users into double-clicking dangerous attachments."

Sophos's anti-virus products not only stop known viruses at the gateway; their threat reduction technology also allows you to block all executable code from being delivered to mailboxes, ensuring that future email threats cannot reach the computers and infect them.