New Bagle Downloader spreading like wildfire via email

Filed under: Security — spiderwebwoman at 2:42 pm on Tuesday, May 31, 2005


May 31 2005
45,769 copies intercepted in last hour
31 May 2005, 5pm BST – MessageLabs is warning computer users to be on their guard against a new variant of the Bagle downloader which appears to have originated from an address purporting to be within Yahoo! Groups. MessageLabs has intercepted almost 70,000 copies already; the first copy was stopped today at 13:24 GMT (14:24 BST).

Within the last hour alone (3-4pm BST), 45,769 copies have been stopped.

How it works
This most recent Bagle downloader variant drops a trojan that attempts to download itself from a vast list of locations. Computer users who are tricked into opening the attached file activate the virus, which harvests email addresses it finds on the hard drive. The virus then forwards itself to the email addresses it has discovered on the infected computer.

Email characteristics:
Subject lines: <Empty>
Body Text: <Empty>
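
The characteristics listed above (no subject, no body text, a file attached) can be turned into a simple mail-triage rule. The following is an added example, not MessageLabs' detection logic or code from the original post; the function names, addresses and attachment filenames are hypothetical, and the sample messages are constructed.

```python
# Added illustration: triage rule for the lure described above
# (empty subject, empty body, file attached). All names are hypothetical.
from email import message_from_bytes, policy
from email.message import EmailMessage


def body_is_empty(msg):
    """True when no non-attachment text/* part carries visible characters."""
    for part in msg.walk():
        if part.is_multipart() or part.is_attachment():
            continue
        if part.get_content_maintype() == "text" and part.get_content().strip():
            return False  # note: an HTML part holding only markup still counts as text
    return True


def attachment_names(msg):
    """Filenames of every part marked Content-Disposition: attachment."""
    return [p.get_filename() or "(unnamed)" for p in msg.walk() if p.is_attachment()]


def matches_empty_lure(raw):
    """Flag a raw RFC 5322 message with no subject, no body text and an attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    return not subject and body_is_empty(msg) and bool(attachment_names(msg))


def build_sample(subject, body, filename):
    """Constructed test message; addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    if subject:
        m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = {
        "lure-shaped": build_sample("", "\n", "sample.bin"),
        "normal mail": build_sample("Minutes", "See attached.\n", "minutes.bin"),
        "blank note": build_sample("", "\n", None),
    }
    for label, raw in samples.items():
        print(f"{label:12} quarantine={matches_empty_lure(raw)}")
```

A rule this broad also matches legitimate mail sent with a bare attachment, so it suits quarantine-and-review rather than silent deletion.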

Once activated, the Bagle downloader variant drops a copy of an executable file onto infected computers, which in turn polls a vast list of URLs for the availability of a new mass-mailing component.

MessageLabs detected this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.

For further information, please visit the MessageLabs website at:
