Press Releases

Browse our press release archive

03 Mar 2006

Bagle-DO mass-mailing worm threatens lawsuit

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users about a new version of the Bagle worm which poses as a lawsuit against the recipient.

The W32/Bagle-DO worm spreads in emails with subject lines such as "Pay your debts before we come to you", "Call to your lawer immidiately", "Lawsuit against you," and "We wait your response". The emails urge the recipient to open the attached file (which can be called lawsuit.exe, explanation.exe or documents.exe), but if it is executed the worm installs itself on the PC and looks for other computers to infect via email and peer-to-peer file-sharing systems.

The worm chooses from a variety of messages to send, all claiming to be about different types of legal action. Messages include one that claims the recipient's company sent an unsolicited commercial fax without permission. Another claims the recipient's company conducted an unsatisfactory car service which resulted in a fire.

A typical message sent by the Bagle-DO worm>

A typical message sent by the Bagle-DO worm.

"People who receive this viral email won't necessarily believe that it was intended for them or their company, of course, but they may wish to advise the apparent sender that they have sent the message to the wrong person. If anyone opens the attached file, however, they risk infecting their computer and passing on the pox to others," said Graham Cluley, senior technology consultant for Sophos. "Internet users need to be more careful about what emails they trust, and which files they choose to open on their PC. Proper security like up-to-date anti-virus software is a must. With more malware being written than ever before, unwary computer users are risking putting their data at risk."

The Bagle-DO worm also attempts to spread via P2P file-sharing systems as nude pictures of actress Kate Beckinsale, or erotic photographs of celebrity hotel heiress Paris Hilton and pop starlet Britney Spears.

Sophos has been protecting businesses against the W32/Bagle-DO worm since 01:30 GMT on 3 March 2006, but has so far not seen a large number of reports of the malware spreading in the wild.

Companies are recommended to protect their email with a consolidated solution to thwart the virus, spyware and spam threats and secure their desktops and servers with automatically updated anti-virus protection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.