A new variant of Bagle is spreading rapidly, security companies have warned.
Rather than being a mass-mailing worm, BagleDl-L is a Trojan horse that damages security applications and attempts to connect with a number of Web sites. It has been sent via spam lists to millions of addresses in the past 12 hours, said security company McAfee, which has upgraded it to a "medium" risk.
The new variant could also have boosted overall Bagle traffic, which has increased five times in the past 24 hours, e-mail security vendor Postini said Tuesday.
The attempt to disable security protection could expose systems to a variety of threats. "Any Trojan horse which turns off your antivirus or firewall can open you up to further attack, even by very old viruses," Graham Cluley, senior technology consultant for antivirus company Sophos, said in a statement.
Unlike a mass-mailing worm, the Trojan does not self-propagate, but the security companies have highlighted it because a high number of e-mails containing it have been detected.
Although the Trojan horse doesn't spread itself, the code is similar to other variants of the Bagle worm, which is why Sophos marked it a descendant of that program, Cluley said in an interview.
According to Sophos and antivirus company F-Secure, the Web sites that the new Bagle links to currently contain no malicious code. However, Trojan and worm writers have been known to add malicious code to a Web site after the initial attack has calmed down, said Craig Schmugar, a senior virus research manager for McAfee.
For this Trojan to work, a certain amount of naivete is required on the part of victims because the e-mails contain a ZIP-file attachment that must be opened to display the programs "doc_01.exe" or "prs_03.exe," which must be run manually to infect a computer.
"This Trojan horse is aiming to take advantage of people's reflex reaction when they receive an executable file via e-mail," Cluley said in a statement. "Users who want to install software on their computer should be receiving it from their IT department, not from friends at other companies or potentially dangerous spam mailings."
The detection of BagleDl-L comes just days after Send-Safe.com, which offered spamming tools, was kicked off Internet service provider MCI's network. Send-Safe is said to use PCs that have been compromised by Trojan horses to propagate spam.
Dan Ilett of ZDNet UK reported from London. CNET News.com's Dawn Kawamoto and Robert Lemos contributed to this report.