Latest Bagle worm turns PCs into card-playing zombies, Sophos comments

Sophos Press Release

Sophos, a world leader in protecting businesses against viruses and spam, is warning computer users about the latest variant of the Bagle worm - Bagle-U (W32/Bagle-U). First seen in the early hours of today, the mass-mailer is spreading steadily across the globe.

Bagle-U has no subject line or message body, and the infected attachment has a randomly generated name. In an interesting twist, when the attachment is launched, the worm opens Microsoft's Hearts game on the infected PC. The worm also searches the computer's hard disk and sends itself to email addresses it finds. Able to open a backdoor onto infected computers, Bagle-U allows unauthorised remote users, such as hackers, to gain access. This backdoor might also be used to update the worm.

"The Bagle variants just keep on coming," said Carole Theriault, security consultant at Sophos. "By opening a backdoor, this latest version compromises an infected user's confidentiality, while potentially turning the computer into a zombie for hackers to use."

Continuing the theme of viruses with multiple variants, Netsky-P (W32/Netsky-P), first seen on 22 March 2004, is still spreading widely. The worm spreads via email and shared folders and, with a trigger date of 24 March 2004, has begun to mass mail itself to harvested email addresses.

"Although the Netsky-Bagle battle for supremacy seen early this month has died down, Netsky-P seems to be continuing the fight, with attempts to disable variants of the Bagle worm," continued Theriault.

Sophos recommends companies protect their email with a consolidated solution to thwart the threats of spam and viruses, as well as secure their desktops and servers with automatically updated anti-virus protection.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at