Kaspersky Labs, a leading information
security software developer is
warning users about I-Worm.Bagle, a new Internet worm detected in the
wild. The worm spreads via email with a random sender address.
Kaspersky Labs has received reports of infections from around the world;
Bagle is causing a significant outbreak.
The worm is a Windows EXE file about 15
KB in size attached to emails
with random sender addresses. The subject, "Hi", body, "Test =)" and
signature "Test, yep" are constant, whereas the name of the attachment
Once the worm is launched, it copies
itself into the Windows directory
and attempts to download and launch Mitglieder, a Trojan proxy server,
on the infected machine. This proxy server allows the 'master' to use
the infected machine as a platform to send more copies of the malicious
code. Currently, all links to Internet sources for downloading
Mitglieder are deleted. Thus, I-Worm.Bagle cannot use this technology
to increase propagation speed.
As a result, at this time, I-Worm.Bagle
is using a technique standard
for Trojan programs. Bagle scans the file system on infected machines
for files with extensions wab, txt, htm and r1. The worm then sends
copies of itself to all email addresses that it uncovers, using a built
in SMTP server.
Kaspersky Anti-Virus databases have
already been updated with protection
More detailed information about this
malicious program can be found in
the Kaspersky Virus Encyclopaedia.
Kaspersky Labs Corporate Communications
10, Geroyev Panfilovtsev St, Moscow,
Tel.: +7 095 948 56 50; Fax: +7 095 948 43 31
E-mail: firstname.lastname@example.org; http://www.kaspersky.com;
Visit Kaspersky Labs Virtual Press Office
Return to main menu