PandaLabs has detected the appearance of Bagle.KT, a new variant of this infamous family of worms. According to data from PandaLabs, this malicious code has already caused a number of incidents and users are advised to act with caution when opening emails.
The new Bagle.KT is very similar to its predecessors. It is an email worm which, using its own SMTP engine, sends itself to addresses that it finds on infected computers.
The email carrying Bagle.KT has a variable subject, while the message text is blank. The attachment to the message, which actually contains Bagle.KT, is a .zip file with a randomly chosen name, such as new_price12-Dec-2006.
When the user runs the attached file, the worm sends itself out to all the email addresses it finds in a wide range of files stored on the computer. It also tries to download files from certain Internet addresses.
Finally, the worm creates a series of entries in the Windows Registry in order to ensure it is run every time the system is started up.
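The message traits described above (blank text, a .zip attachment) can be checked at a mail gateway before delivery. The following is an added example, not PandaLabs code; the function names, addresses and sample messages are constructed for illustration, and the check is a triage heuristic rather than a signature for Bagle.KT.

```python
import email
from email import policy
from email.message import EmailMessage


def build_sample(body, attachment_name=None):
    """Build a constructed test message (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attachment_name:
        # Placeholder bytes only: the check looks at MIME structure, not content.
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


def triage(raw_bytes):
    """Return which of the described traits a raw RFC 5322 message shows."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body_text = body_part.get_content().strip() if body_part else ""
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]
    # Match on the file name extension, case-insensitively.
    zips = [n for n in attachments if n.lower().endswith(".zip")]
    traits = []
    if not body_text:
        traits.append("blank_body")
    if zips:
        traits.append("zip_attachment")
    if zips and len(attachments) == 1:
        traits.append("zip_is_only_attachment")
    return traits


def should_hold(raw_bytes):
    """Hold for review only when the body is blank AND a .zip is attached."""
    traits = triage(raw_bytes)
    return "blank_body" in traits and "zip_attachment" in traits
```

Because the subject line varies, the check ignores it; legitimate mail can also match both traits, so a hit is a reason to hold the message for scanning rather than to delete it.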