
Beware of Bagle variant

By Damian Clarkson, ITWeb junior journalist
Johannesburg, 10 Aug 2004

The latest variant of the Bagle worm was spammed on a mass scale yesterday, and anti-virus experts say users should be wary of any attachments whose name contains the word "price".

Anti-virus vendor F-Secure says the attachment typically has a name like new_price.zip, price_new.zip, price_08.zip, etc.

Despite the high number of infected e-mails sent out, the virus is unlikely to have a massive impact, because the attachment must be opened before it can infect a computer, says Y3K MD Ryan Price.

"You can open the e-mail and it still won't run the virus program. Most people will have the savvy to not open the attachment, so I don't see companies having too much of a problem. Maybe just some home users."

Price says the main concern is that, like all other Bagle variants, it will allow hackers remote access to infected PCs.

According to F-Secure, the Bagle.AL variant uses the Object vulnerability in Internet Explorer to load and execute the PRICE.EXE file. When PRICE.EXE is run, it copies itself to the Windows system directory as WINDLL.EXE and tries to add a Windows registry entry that runs this file, so that the worm is started again after a reboot.
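The two details above (a ZIP attachment with "price" in its name, carrying the executable that is launched through Internet Explorer) are enough for a simple mail-gateway screening rule. The following is an added example, not code from ITWeb or F-Secure: it parses a raw e-mail, opens each ZIP attachment in memory and flags archives that contain a Windows executable (by extension or by the "MZ" header, so a renamed executable is still caught) and, optionally, an HTML loader. The sample messages, member names and file contents are constructed here, and the name pattern and extension lists are assumptions about what a screening rule should test, not F-Secure's detection logic.

```python
"""Screen an e-mail for Bagle.AL-style attachments: a ZIP whose name contains
"price" and which carries a Windows executable (PE "MZ" header) and/or an HTML
loader. Added example; the sample messages below are constructed inline."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed name pattern and extension lists (not F-Secure's detection logic).
SUSPECT_NAME = re.compile(r"price", re.IGNORECASE)
EXEC_EXT = (".exe", ".scr", ".pif", ".com")
HTML_EXT = (".htm", ".html")


def inspect_zip(data: bytes) -> dict:
    """Report what a ZIP attachment carries: executables (by extension or by the
    two-byte "MZ" header) and HTML files. Corrupt or non-ZIP data is reported,
    not silently passed."""
    result = {"executables": [], "html": [], "error": None}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                lower = name.lower()
                if lower.endswith(HTML_EXT):
                    result["html"].append(name)
                    continue
                # Read only the first two bytes; a renamed executable still starts with "MZ".
                with zf.open(info) as fh:
                    head = fh.read(2)
                if lower.endswith(EXEC_EXT) or head == b"MZ":
                    result["executables"].append(name)
    except zipfile.BadZipFile:
        result["error"] = "not a valid ZIP archive"
    return result


def scan_message(raw: bytes) -> list:
    """Return one finding string per suspicious ZIP attachment in a raw RFC 822 message."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if not filename.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        contents = inspect_zip(payload)
        if contents["error"]:
            findings.append(f"{filename}: {contents['error']}")
            continue
        named_price = bool(SUSPECT_NAME.search(filename))
        if contents["executables"]:
            tag = "Bagle.AL-style" if named_price else "executable-in-zip"
            note = f" with HTML loader {contents['html']}" if contents["html"] else ""
            findings.append(f"{filename}: {tag}, carries {contents['executables']}{note}")
        elif named_price:
            findings.append(f"{filename}: name matches 'price' pattern, no executable found")
    return findings


def build_sample(zip_name: str, members: dict) -> bytes:
    """Constructed test message: one ZIP attachment built from {member_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "new price"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()


# Constructed samples: a worm-like ZIP (HTML loader plus a fake PE) and a benign one.
WORM_MAIL = build_sample("price_08.zip", {"price.html": b"<html></html>", "price.exe": b"MZ\x90\x00fake"})
CLEAN_MAIL = build_sample("quarterly_report.zip", {"report.txt": b"all good"})

if __name__ == "__main__":
    for raw in (WORM_MAIL, CLEAN_MAIL):
        print(scan_message(raw) or ["clean"])
```

The header check matters more than the name pattern: later variants change the attachment names, but a PE file inside a ZIP sent to a general mailbox is rarely legitimate, so a gateway rule that quarantines on the "MZ" header survives the next renaming while a rule keyed only on "price" does not.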

Patches for the variant are already available for download, and it is likely to start tapering off now, says Price. "I would be very surprised if there was a huge breakout of this variant."

For more information on Bagle variants, visit http://www.f-secure.com/v-descs/bagle_z.shtml.
