New mass-mailing worms found in the wild

New mass-mailing worms found in the wild

Waking up to fresh bagels is a good thing, but when it is spelled 'bagle' it could mean headaches for systems administrators.

European antivirus organizations have reported finding new variants of the bagle worm in the wild overnight. It is not clear how quickly they are spreading, but they appear to be heavily seeded. Analysts at Moscow-based Kaspersky Labs estimate that several million copies of the worms have been sent.

BitDefender Labs of Bucharest, Romania, called the new worm it discovered a 'classic mass mailer, in no way dissimilar to its predecessors.'

Both companies have updated antivirus signatures for the worms.

Three variants have cropped up, dubbed, and Bagle.AX. All carry similar payloads, which install e-mail proxy servers and back doors.

The subject line in copies found so far begins with 'Re:' and is followed by 'Hello,' 'Thank you,' 'Hi,' or 'Thanks :).' Sometimes the remainder of the line is blank.

The payload is in an attachment, usually named 'price' or 'joke,' with a .com, .exe, .cpl or .scr extension.

The worms scan infected machines for e-mail addresses and mail copies of themselves. The .au and .at versions also open port TCP 81. The .AX version also can spread over peer-to-peer connections.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected