New Bagle Downloader spreading like wildfire via email

MessageLabs, the leading provider of email security and management services to businesses, is warning computer users to be on their guard against a new variant of the Bagle downloader. MessageLabs has intercepted almost 70,000 copies already. The first copy was intercepted today at 13:24 GMT (14:24 BST). 45,769 copies have been stopped in the last hour (3-4pm BST). The virus appears to have originated from a Yahoo group.

The as yet unnamed Bagle downloader variant drops a trojan that attempts to download Bagle from a vast list of locations. Computer users who open the file attached to the email activate the virus, which harvests email addresses it finds on the computer’s hard drive. The virus then forwards itself to the email addresses it has discovered on the infected computer.

Email characteristics:

Subject lines: < Empty >
Body Text: < Empty >


Damage
Once activated, the Bagle downloader variant drops a copy of an executable file onto infected computers, which in turn polls a vast list of URLs for the availability of a new mass-mailing component.

Detection
MessageLabs detected this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.

For further information, please visit the MessageLabs website at: www.messagelabs.com/intelligence

-ends-

About MessageLabs
MessageLabs is the world’s leading provider of email security and management services with more than 10,000 clients and offices in eight countries. For more information, please visit http://www.messagelabs.com



