Previous | Next

New variant of the famous Bagle virus found

Added: (Wed Mar 02 2005)

New variant of the famous Bagle virus found.

Mar. 2nd 2005  Of late there has been an increase in the variants that are
been found in the wild of the famous Bagle worm that infect computers.

The latest variant is called Bagle.BE. Bagle.BE will gather email
addresses from a central server that generates dynamically a random list of
email addresses. The worm will poll the server address periodically and will
download a file that is saved as `eml.exe` in the Windows folder. The IP
address of this server is static. The last time checked the server had
nearly 50 email addresses. It then sends an email to all these email
addresses from the infected computer.

The worm attaches a file from its body to the emails that it sends out. This
file is a ZIP archive containing a downloader component. When extracted, the
archive drops a file named `Loader/doc_01.exe`. This file is detected as
`Email-Worm.Win32.Bagle.bb`.

MicroWorld has listed the new worm at a risk level of Medium for now and
is monitoring the same.

Please see the following description for more information:
http://www.mwti.net/virusnews/virusalertd.asp?id=557

Submitted by: Find out more. Disclaimer: Pressbox disclaims any inaccuracies in the content contained in these releases. If you would like a release removed please send an email to remove@pressbox.co.uk together with the url of the release.