10 February 2006
Bagle worm spreading widely as "February Price" email
Bagle-CH worm lowers system security
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users about a new version of the Bagle worm which has spread widely in the last few days. Sophos is advising users to ensure their anti-virus protection is up-to-date to protect against attacks.
Sophos has received many reports of the W32/Bagle-CH worm being spammed out in emails as a ZIP file attachment. When spreading via email the worm disguises itself by using the message text "February Price" and the subject line "Price".
At the time of writing, the Bagle-CH worm accounts for 10% of all viruses spotted at Sophos's global network of monitoring stations, making it the third most commonly encountered email virus.
Users opening their email may be at risk from infection and hacker attack if not properly protected. Once the worm has infected a computer, it attempts to disable anti-virus and other security software.
The worm also attempts to spread itself via file-sharing networks, posing as a number of different files, including a beta of Windows Longhorn, hardcore pornography, or a copy of Adobe Photoshop 9.
"We are seeing an increasing number of reports of this virus at email gateways around the world, but those with defenses in place should have little to fear," said Graham Cluley, senior technology consultant for Sophos. "Computer users should learn never to open unsolicited email attachments. With over 2300 new viruses, Trojans and spyware programs discovered in the last month alone, it's essential for businesses to automate their virus protection against the latest malware menaces, and ensure they have a policy in place at their email gateway to control what arrives in their users' inboxes."
Another recent version of the Bagle worm, W32/Bagle-CJ, can disguise itself as an email message from the Symantec online store, and attempts to spread via P2P file-sharing systems as nude pictures of actress Kate Beckinsale, or erotic content related to Paris Hilton and Britney Spears.
Sophos has been protecting businesses against the W32/Bagle-CH worm since 15:06 GMT on 7 February. W32/Bagle-CJ has been protected against since 18:40 GMT on 9 February 2006.
Companies are advised to protect their email with a consolidated solution to thwart virus, spyware and spam threats, and to secure their desktops and servers with automatically updated anti-virus protection.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

