Bagle Virus Warning

It's almost a sporting contest, but most of us are unwilling players. The international virus game of release-patch-re-release has begun again this year, with a new virus, known as Bagle, circulating the Internet.

The virus comes to people's mailbox with the subject line saying 'Hi' and body text saying 'Test'. Attached is a file with an .exe file extension and a name made up of randomly generated characters - it is this attachment that, if opened, will infect you with the virus.

It cleverly disguises its nature, often associating with the calculator icon in an attempt to look harmless. Its hapless victims, who get infected by opening the attachment, then have their computer searched for email addresses, and when they are found, the worm will send a copy of itself to almost every address is finds, invisibly (i.e., not via Outlook or other mail software where you would notice the activity).

One interesting feature of this worm is it's intentional avoidance of sending an email to addresses ending in hotmail.com, microsoft.com or msn.com, presumably in an attempt to avoid rapid detection by these popular servers.

If you have become infected, you can use a removal tool from Symantec to clean it up from http://www.sarc.com/avcenter/venc/data/w32.beagle.a@mm.removal.tool.html . Additionally, this virus is programmed to "drop dead" - or stop replicating - after the 28th of January 2004. Other viruses of this type, however, have simply re-appeared as a new version with later drop-dead dates every time one expires, so don't be surprised if we are hearing more about this in 2005.

Who writes these viruses, you might be asking? While every case is different, a lot of viruses are said to be coming out of Asia. Given the proximity to Chinese New Year, and the botched spelling of the virus name, (most likely in reference to the lost Beagle II space probe to Mars), I'd be betting this one also came from Asia, and we are likely to see more with Chinese New Year happening tomorrow, on the 22nd of January.

Add Your Comment

No one has commented on this page yet.