New Bagle Worms Hitting Hard

Experts at Sophos’s virus labs are warning of a new twist in the Bagle virus saga. New variants, Bagle-Q (W32/Bagle-Q) and Bagle-R (W32-Bagle-R), use a different method of infection in an attempt to bypass anti-virus protection at the email gateway. Sophos has received many reports of these worms spreading in the wild, and warns users to be especially wary when logging on.

Unlike most email viruses, the two new Bagle worms do not carry email attachments, making them difficult to spot. If a user opens the message – and their version of Microsoft Outlook has not been patched against a five-month old critical vulnerability – malicious code is automatically downloaded from the PC which sent the “carrier” email.

Once installed, the worms halt a wide range of security applications, potentially opening up your computer to further virus or hacker attack. The worm will also attempt to spread via file-sharing networks and infect other executable files.

“As the UK comes into work this morning there’s a real danger that these Bagle worms will take off – we’ve already had a high number of reports from other parts of the world – particularly Korea, which is known for its uptake and use of technology,” said Graham Cluley, senior technology consultant, Sophos. “Exploiting a security loophole in the popular Microsoft Outlook email system means these worms have the potential to hit hard. Both home and business computer users need to make sure they are patched against all vulnerabilities.”

To prevent infection, Sophos recommends that users update their anti-virus software against the latest threats. Users should also patch against all security vulnerabilities. It is possible to check which Microsoft security patches need to be applied to individual PCs by visiting: Businesses can also protect themselves at their firewall, preventing computers on their network from downloading the worm from outside.

“Bagle is a wake up call about the need for holistic security. By keeping on top of security patches, anti-virus software updates and ensuring firewalls are properly installed, users can lessen their chances of getting hit,” continued Cluley. “If you don’t patch yourself against these kind of threats, you shouldn’t be surprised if a worm bites you on the backside.”

For more information about Bagle-Q and Bagle-R, visit Sophos’s website: The patch against the Microsoft Outlook security vulnerability can be found at:




Share this