A new variant of the Bagle virus has been discovered in the wild. We reported on the original worm last month, and the new mass-mailing worm has appeared in moderate numbers.
It uses crude social engineering and carries an executable attachment with a WAV file icon. Once executed, it harvests addresses from local files and spoofs the From address, so it may appear to come from a known sender. It attempts to download a backdoor from remote web sites. The worm will deactivate on 25th February.
It also goes by the aliases W32/Bagle-B, W32.Beagle.B@mm, Win32.Bbgle.B@mm, WORM_BAGLE.B, W32/Tanx-A
The details of the mail are below:
Subject: ID <random>... thanks
Message body:
Yours ID <random characters>
Attachment: <random name.exe> with the icon of a wav file
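
A mail-gateway check for the message shape listed above, as an added example that is not part of the original report. It assumes the random token contains no whitespace; the function names, addresses and sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: the "<random>" token is a single run of non-whitespace characters.
SUBJECT_RE = re.compile(r"^ID \S+\.\.\. thanks$")
BODY_RE = re.compile(r"^Yours ID \S+\s*$", re.MULTILINE)

def bagle_b_indicators(raw):
    """Return the sorted list of indicators from the report found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    if SUBJECT_RE.match((msg["Subject"] or "").strip()):
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # The WAV icon lives inside the binary; the file name still ends in .exe.
            if name.lower().endswith(".exe"):
                hits.add("exe-attachment")
        elif part.get_content_type() == "text/plain":
            if BODY_RE.search(part.get_content()):
                hits.add("body")
    return sorted(hits)

def looks_like_bagle_b(raw):
    """Flag only when the .exe attachment arrives with the subject or body pattern.
    The From header is ignored on purpose: the worm spoofs it."""
    hits = bagle_b_indicators(raw)
    return "exe-attachment" in hits and ("subject" in hits or "body" in hits)

def make_sample(subject, body, filename, payload=b"constructed placeholder bytes"):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = "known.sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

SUSPECT = make_sample("ID qkzbtmpa... thanks", "Yours ID xhwplmtz\n", "dkfjwerm.exe")

if __name__ == "__main__":
    print(bagle_b_indicators(SUSPECT), looks_like_bagle_b(SUSPECT))
```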
At the moment, the incidence of this worm is low, but we will monitor the situation and bring you news of any developments.