Bagle and MyDoom worms gain new family members, Sophos comments

July 21, 2004 Sophos Press Release

Two new worm variants, W32/Bagle-AI and W32/MyDoom-N, were released in the wild earlier this week, infecting Windows computers around the world at a steady pace. The release of these new worms ensures that these virus families continue to snag new victims with each new variant. Sophos issued protection in the early hours of Tuesday morning.

Bagle-AI is an email-aware worm which forges sender addresses to confuse recipients about the worm's origin. Its subject lines and message bodies give the impression that the attachment contains pictures, music or information about certain animals, which may suggest that the authors are targeting younger, less security-conscious computer users. This variant of Bagle can sometimes arrive inside a password-protected zip file, with the required password given in the body text, increasing the perception that the email is legitimate.

MyDoom-N, also email-aware, attempts to fool recipients into thinking the message is an automated mail delivery communication. It opens a backdoor onto the infected machine, allowing unauthorised users to access the computer remotely without the user's knowledge. Backdoors can be used by spammers, turning the infected machine into a spam generator, or by hackers intent on stealing sensitive or financial information about the user.

"With new variants emerging steadily and infecting PCs the world over, these Bagle and MyDoom families are certainly rattling the cages of unprotected users," said Carole Theriault, security consultant at Sophos. "Duping users into thinking a message is legitimate is an old trick that we should all be wary of, but it seems to trick some of us into double-clicking. This is why anti-virus protection is so vital. Unlike humans, software is not fooled by such social engineering tricks."

Sophos's anti-virus products not only stop known viruses at the gateway; their threat reduction technology also allows you to block all executable code from being delivered to mailboxes, ensuring that future email-borne threats cannot reach users' computers and infect them.
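As an added illustration of the gateway policy described above (example code, not Sophos's own), the following Python sketch applies a block-all-executables rule to a constructed message that mimics the lure in this release: a zip attachment with the archive password offered in the body. The extension list, the PASSWORD_HINT pattern and the sample addresses are assumptions.

```python
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

# Assumed policy list: extensions treated as executable content at the gateway.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")
PASSWORD_HINT = re.compile(r"\bpassword\b", re.IGNORECASE)

def looks_executable(name, data):
    """Executable by extension or by the 'MZ' header of a Windows PE file."""
    return name.lower().endswith(EXEC_EXTS) or data[:2] == b"MZ"

def inspect_zip(name, data, body):
    """Block reasons for a zip attachment; encrypted entries cannot be scanned."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                reasons.append(f"{name}: encrypted entry {info.filename}")
            elif looks_executable(info.filename, zf.read(info)):
                reasons.append(f"{name}: executable inside archive ({info.filename})")
    if PASSWORD_HINT.search(body):  # the Bagle-style lure: password given in the text
        reasons.append(f"{name}: archive password offered in message body")
    return reasons

def gateway_reasons(raw):
    """Return why a raw RFC 822 message would be blocked; empty list means deliver."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        if looks_executable(name, data):
            reasons.append(f"{name}: executable attachment")
        elif name.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
            reasons.extend(inspect_zip(name, data, body))
    return reasons

def build_sample():
    """Constructed lure message (not a real worm): zip holding a fake PE stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pictures.exe", b"MZ" + b"\x00" * 30)  # harmless stand-in
    msg = EmailMessage()
    msg["From"] = "forged.sender@example.com"  # assumed, forged as in the worm
    msg["Subject"] = "funny animal pictures"
    msg.set_content("Here are the photos. The password for the archive is 1234.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="animals.zip")
    return msg.as_bytes()
```

Running `gateway_reasons(build_sample())` reports both the executable inside the archive and the password hint in the body, while a plain text message with no attachments returns an empty list.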