Original URL: http://www.theregister.co.uk/2004/02/17/bagleb_clobbers_weary_net_users/
Bagle-B clobbers weary Net users
More mass mailing worm madness
Posted in Malware, 17th February 2004 18:01 GMT
Long-suffering Net users are finding their in-boxes clobbered again today with the appearance of yet another mass mailing worm.
Mercifully, Bagle-B (http://www.f-secure.com/v-descs/bagle_b.shtml) is much less prolific than the recent MyDoom worm.
Bagle-B (AKA Tanx-A) normally arrives in emails with a subject line of "ID" followed by random characters and the message text: "Yours ID". Its payload includes a backdoor component which surrenders control over the infected machine to hackers. This comes in an attached .exe file with a randomly-generated filename.
Run this attachment on a Windows machine and your PC gets the pox. Mac or Linux boxes are immune.
The worm harvests email addresses from infected PCs and forwards itself to other prospective victims using a spoofed "From:" field.
Most AV vendors rate Bagle-B as a medium-level risk.
Standard precautions apply to defending against the bug: update AV signature files and (if you're an admin) consider introducing controls to block executables at the gateway. If you're a regular user, be careful of those unsolicited attachments, even from people you know. ®
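The gateway control suggested above, sketched as an added example (not from the original article or any vendor): it blocks messages carrying a Windows executable and notes when the subject and body also fit the Bagle-B description. The extension list, the loose subject pattern, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".exe",)         # assumed gateway policy; extend as needed
SUBJECT_RE = re.compile(r"^ID\s*\S+")  # "ID" + random characters (loose, assumed form)
BODY_TEXT = "Yours ID"                 # message text quoted in the article

def executable_attachments(msg):
    """Return filenames of attachments that look like Windows executables."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Match the extension or the "MZ" header, so a renamed file is still caught.
        if name.lower().endswith(BLOCKED_EXTENSIONS) or data[:2] == b"MZ":
            hits.append(name or "<unnamed>")
    return hits

def classify(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    exes = executable_attachments(msg)
    if exes:
        reasons.append("executable attachment: " + ", ".join(exes))
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    if SUBJECT_RE.match(msg.get("Subject", "")) and text.startswith(BODY_TEXT):
        reasons.append("subject/body match the Bagle-B description")
    # Only the attachment rule blocks; the text match alone is too loose.
    return ("block" if exes else "pass"), reasons

def build_sample(subject, body, filename=None, payload=b""):
    """Build a message for testing (constructed data, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if filename:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Because the worm's attachment name is random, the check keys on the file type rather than the name, and the header test covers an executable sent under a harmless-looking extension.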
