cancel
Showing results for 
Search instead for 
Did you mean: 

Warning – new Bagle variant in the wild

N/A

Warning – new Bagle variant in the wild

Warning – new Bagle variant in the wild

MessageLabs, the leading provider of managed email security services to businesses worldwide, is warning computer users against the W32/Bagle.C-mm worm, another variant of the Bagle worm family.

Name: W32/Bagle.C-mm
Number of copies intercepted so far: 14, 521
Time & Date first Captured: 27th Feb 2004, 21.44 GMT
Origin of first intercepted copy: Korea

W32/Bagle.C is a mass mailing worm that harvests email addresses from infected machines and uses its own SMTP engine to propagate. The sender field of the email is spoofed, making it difficult for computer users to identify the source of the message. This worm also incorporates a remote access Trojan capable of alerting a remote hacker of the compromised machine.

Similar to previous incarnations of the worm, W32/Bagle.C will check the date and if later than 14th March 2004 will delete itself without propagating.

Email characteristics:

Subject: Various, including:

· Accounts department
· Ahtung!
· Camila
· Daily activity report
· Flayers among us
· Freedom for everyone
· From Hair-cutter
· From me
· Greet the day
· Hardware devices price-list
· Hello my friend
· Hi!
· Jenny
· Jessica
· Looking for the report
· Maria
· Melissa
· Monthly incomings summary
· New Price-list
· Price
· Price list
· Pricelist
· Price-list
· Proclivity to servitude
· Registration confirmation
· The account
· The employee
· The summary
· USA government abolishes the capital punishment
· Weekly activity report
· Well...
· You are dismissed
· You really love me? he he

Text: No message body

Attachment: Randomly named ZIP file, containing an executable disguised as an Excel file.

Size: 16 kilobytes

Ivan