Bagle worm

Bagle variants on the prowl

A new version of Bagle worm is being spread rapidly in the past 24 hours using random chosen names programmed into it. One of the version known as Bagle-KL spreads as an encrypted .zip email attachment with a password.

The worm attempts to disable various security applications and download
malware from one of 99 different Web sites.

It spreads using a subject line randomly chosen from 118 different names programmed into its code. The list of names includes Ann, Anthonie,Constance, Emanual, Frances, Geoffraie, Harrye, Humphrie, Judith, Margerie,Michael, Nicholas, Robert, Winifred, Johen, and Thomas. The .zip file titles include Edmund.zip, Nicholaus.zip, Dorithie.zip, Henry.zip, Daniel.zip, Nycholas.zip, Judeth.zip, Sybyll.zip, Winifred.zip, Bennett.zip, and John.zip. Encrypted inside the attached Zip file is a copy of the worm.


The body of the email can contain phrases such as "I love you" or "To the beloved," with advice on the five-digit password that should be used to open the .zip file. The password is also sent as an embedded image in the email.

You are advised to resist the temptation of opening unsolicited attachments, and ensure your antivirus protection is kept up to date.

WhatIs
Bagle - Name of a worm or virus
Worm - It spreads by itself once you double click on it.
Encrypted - Attachment secured with a given password