Five new versions of the Bagle worm escaped on to the Web at the weekend. Just one, the medium-risk Bagle-C, has spread widely.

The new bagles - C through to G - have minor differences only. It seems that unknown virus writers are trying different tactics to fool users into spreading their malicious code. All seven Bagle variants affect Windows PCs only.

Bagle-C commonly arrives by email as a zipped EXE file with the icon of an Excel spreadsheet file and various different subject lines and attachment names. The body of the messages is empty, and the sender address in the email is spoofed.

If you open this executable attachment you may infect your PC. The worm includes a back door component which disables some security software packages. It may also be used to collect the addresses of infected computers, according to F-Secure, an anti-virus software vendor.

Bagle-C scours the hard drives of infected computers for email addresses. It then sends copies of itself to these addresses using its own SMTP engine. The worm is programmed to stop spreading after March 14.

As usual, users are warned to minimise risk of infection by not clicking on unknown attachments in emails. Updating anti-virus signature definitions is also a sensible step. ®

Related Stories

Say hello to the Bagle Worm (http://www.theregister.co.uk/content/56/34958.html)
Bagle-B clobbers weary Net users (http://www.theregister.co.uk/content/56/35625.html)

External Links

Analysis (http://www.f-secure.com/weblog) and timeline of the Bagle variant outbreak from F-Secure