New Bagle variant seen in the wild

New Bagle variant seen in the wild

Antivirus software companies are warning email users that the persistent Bagle virus has re-emerged in a new version, Bagle.AF or Beagle.AB.

The virus comes in the form of a password-protected .zip file and has the password included in the message body as plain text or within an image.

According to Finnish antivirus company, F-Secure, Bagle.AF has quite similar functionality to Bagle.Z, which appears to indicate that the author of Bagle.AF had Bagle.Z’s source code.

The first Bagle virus, which spreads throughout the Internet via infected email messages and by targeting machines running Microsoft’s Windows operating system, was discovered in January. Since then it has continually been popping up with new variants, and given a plethora of names by the various antivirus companies.

In March, a variant with three names – Bagle.U, W32/Bagle.n@MM and W32/Beagle.m@MM – struck the Internet and foiled users with a small bitmap image to escape detection by antivirus programs.

F-Secure upgraded Bagle.AF to its "Radar Level 2" alert after receiving several samples of it from infected users in North America and Europe, according to the director of antivirus research at F-Secure, Mikko Hyppönen.

“The beginning of the outbreak looked pretty bad, as the initial burst of infections was big and worldwide,” Hyppönen said. “However, since then the amount of infections has levelled out and we don't expect this to become any bigger problem. It seems that the virus was seeded much more aggressively than some of the other recent Bagle variants.”

Trend Micro rated the risk from the Bagel variant as medium, though it said the damage and distribution potentials of the virus were high. McAfee raised its risk assessment to "medium-on-watch" and warned it had the potential of being upgraded to a high-risk threat. The company said it had received more than 100 reports of the virus, most of which came from the US.

Symantec upgraded its warning on what it is calling W32.Beagle.AB@mm to a Level 3 after it received 66 submissions of infections from customers, 17 of those being from corporate customers.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Show Comments