Bagle-U plays MS Hearts

Key to victim's PC

A new variant in the Bagle worm series - Bagle-U - is spreading quickly across the Internet this morning.

As with its 20 previous siblings, Bagle-U spreads vy email. This time, infected emails have an empty subject, no body text and a randomly-named attachment containing malicious code.

If this attachment is run, the worm opens Microsoft Hearts card game (MSHEARTS.EXE file) before going through what have become standard virus routines, common to all the worms in the Bagle series.

The worm scours a user's hard disk for email addresses and sends copies of itself onto those addresses. It also installs a backdoor that listens to port 4751. As before, the worm connects to a website (this time in Germany) and reports backdoor IDs and ports to the worm's author.

Email filtering firm MessageLabs has blocked 8,000 copies of Bagle-U this morning, and places the worm in the medium to high-risk category.

Standard defensive precautions apply: update anti-virus signature files and (if you're an admin) consider introducing controls to block executables at the gateway. If you're a regular user, be careful of those unsolicited attachments, even from people you know. ®

Related stories

Say hello to the Bagle Worm
Bagle-B clobbers weary Net users
Latest Bagle worms spread on auto-pilot

Sponsored: Today’s most dangerous security threats