Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
users about a new version of the Bagle worm which has spread widely
in the last few days. Sophos is advising users to ensure their
anti-virus protection is up-to-date to protect against attacks.
Sophos has received many reports of the W32/Bagle-CH worm being
spammed out in emails as a ZIP file attachment. When spreading via
email the worm disguises itself by using the message text
"February Price" and the subject line
At the time of writing, the Bagle-CH worm accounts for 10% of
all viruses spotted at Sophos's global network of monitoring
stations, making it the third most commonly encountered email
Users opening their email may be at risk from infection and
hacker attack if not properly protected. Once the worm has infected
a computer, it attempts to disable anti-virus and other security
The worm also attempts to spread itself via file-sharing
networks, posing as a number of different files, including a beta
of Windows Longhorn, hardcore pornography, or a copy of Adobe
"We are seeing an increasing number of reports of this virus at
email gateways around the world, but those with defenses in place
should have little to fear," said Graham Cluley, senior
technology consultant for Sophos. "Computer users should learn
never to open unsolicited email attachments. With over 2300 new
viruses, Trojans and spyware programs discovered in the last month
alone its essential for businesses to automate their virus
protection against the latest malware menaces, and ensure they have
a policy in place at their email gateway to control what arrives in
their users' inboxes."
Another recent version of the Bagle worm, W32/Bagle-CJ, can
disguise itself as an email message from the Symantec online store,
and attempts to spread via P2P file-sharing systems as nude
pictures of actress Kate Beckinsale, or erotic content related to
Paris Hilton and Britney Spears.
Sophos has been protecting businesses against the W32/Bagle-CH
worm since 15:06 GMT on 7 February. W32/Bagle-CJ has been protected
against since 18:40 GMT on 9 February 2006.
Companies are recommended to protect their email with a consolidated solution to thwart the virus, spyware
and spam threats and secure their desktops and servers with
automatically updated anti-virus protection.