MicroWorld Report: New Variant of the Bagle Worm found in the
wild.
The new variant of the in famous Bagle worm has been found in
the wild on the Internet. The worm is spreading across the
Internet via emails. It arrives with the infected message as a
zip file approx. 17 KB in size. The name of the attached file is
newprice.zip, price.zip or price2.zip. The zip file actually
contains an executable file which is the actual worm. The
infected message generally has a blank subject line.
The new variant of the Bagle worm in unable to propagate on its
own and the infected messages have been mass mailed using some
spamming technologies.
The worm has a list of URLs that it checks regularly to see if
certain files have been placed on these websites. If the file
has been uploaded to any one of these websites it will upload
itself to the users machine. What it can do is then either
update itself or install and run other malicious programs on the
uses machine. The will also delete the registry entries of
antivirus programs and firewalls installed on the users machine
to prevent the user from running these programs to stop or
remove the worm.
MicroWorld recommends to all its customers to ensure they have
the latest updates for their eScan and MailScan range of
products that they provide on an hourly basis to secure them
from any attack from this worm. Others can download the free
scanning tool MWAV (MicroWOrld Antivirus Toolkit Utility) to see
if they are infected with this worm.