New Bagle Variant Called Worst of the Year
With little apparent reason for its success rate, e-mail worm Bagle.AI usually arrives in a fashion similar to other variants, with a subject line of "Re:" and a spoofed sending address.Another version of the tenacious Bagle virus is on the loose, and some security experts and administrators say it is among the more persistent viruses theyve seen all year. Bagle.AI, which was discovered Monday, is quite similar to the dozens of other variants in its family, and there seems to be little reason for its success rate. It arrives via e-mail, usually with a subject line of "Re:" and a spoofed sending address. The body text is random, as is the name of the attachment. The attachment has one of several file extensions, including .scr, .exe, .zip, .cpl and .com. In some instances, the Zip file is password-protected, in which case the body of the infected e-mail includes a password, pass and key, all of which are random numbers, according to McAfee Inc.s analysis of the worm. The name of the attachment often contains the term MP3 in one form or another.
For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.