New mass-mailing worms found in the wild

New mass-mailing worms found in the wild

Waking up to fresh bagels is a good thing, but when it is spelled 'bagle' it could mean headaches for systems administrators.

European antivirus organizations have reported finding new variants of the bagle worm in the wild overnight. It is not clear how quickly they are spreading, but they appear to be heavily seeded. Analysts at Moscow-based Kaspersky Labs estimate that several million copies of the worms have been sent.

BitDefender Labs of Bucharest, Romania, called the new worm it discovered a 'classic mass mailer, in no way dissimilar to its predecessors.'

Both companies have updated antivirus signatures for the worms.

Three variants have cropped up, dubbed, and Bagle.AX. All carry similar payloads, which install e-mail proxy servers and back doors.

The subject line in copies found so far begins with 'Re:' and is followed by 'Hello,' 'Thank you,' 'Hi,' or 'Thanks :).' Sometimes the remainder of the line is blank.

The payload is in an attachment, usually named 'price' or 'joke,' with a .com, .exe, .cpl or .scr extension.

The worms scan infected machines for e-mail addresses and mail copies of themselves. The .au and .at versions also open port TCP 81. The .AX version also can spread over peer-to-peer connections.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected