Two new worm variants, W32/Bagle-AI and W32/MyDoom-N, were
released in the wild earlier this week, infecting Windows computers
around the world at a steady pace. The release of these new worms
ensures that these virus families continue to snag new victims with
each new variant. Sophos issued protection in the early hours of
Tuesday morning.
Bagle-AI is an email-aware worm which forges sender addresses to
confuse recipient over the worm's origin. Its subject and message
bodies give the impression that the attachment contains pictures,
music or information about certain animals, which may suggest that
the authors are targeting younger, less security-conscious computer
users. This variant of Bagle can sometimes arrive inside a
password-protected zip file, where the required password is in the
body text, increasing the perception that the email is
legitimate.
MyDoom-N, also email-aware, attempts to fool recipients into
thinking the message is an automated mail delivery communication.
It opens a backdoor onto the infected machine, allowing
unauthorised users to access the computer remotely without the
user's knowledge. Backdoors can be used by spammers, turning the
infected machine into a spam generator, or by hackers intent on
stealing sensitive or financial information about the user.
"With new variants emerging steadily and infecting PCs the world
over, these Bagle and MyDoom families are certainly rattling the
cages of unprotected users," said Carole Theriault, security
consultant at Sophos. "Duping users into thinking a message is
legitimate is an old trick that we should all be wary of, but it
seems to trick some of us into double-clicking. This is why
anti-virus protection is so vital. Unlike humans, software is not
fooled by such social engineering tricks."
Sophos's anti-virus products not only
stop known viruses at the gateway, but its threat reduction
technology allows you to block all executable code from being
delivered to mailboxes, ensuring that future email threats cannot
reach the computers and infect them.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.