Bagle Bullies Users Into Infections

Dubbed Bagle.dw by Symantec, the worm arrives as an executable file attached to messages with subject heads that range from "You are a criminal and will be busted!" to "You steal from innocent people."

Recipients who bite on the bait and launch the file will have their PC infected with a backdoor component and their security settings lowered. The worm also tries to download unspecified files from a large number of Web sites, then remotely run those files.

One of the three message permutations reads like a ransom note from a 20-something:

"Dude, I found your email from whois info of a web page that was used in spam and illigal [sic] activity, please do something or you will be sued and busted. Was very dumb to leave your email, a**hole! P.S Attached file is self-exatracting [sic] archive with information about your criminal activity."

Symantec rated Bagle.dw as a "2" in its 1 through 5 threat ranking system, but said that it had been widely distributed by a spam-style mass mailing.

In other malicious code news, U.K.-based security company Sophos announced Thursday that during February, about 1 in every 90 e-mails contained a virus, Trojan, or worm. During the month, Sophos also said, two Bagle variations made its Top 10, including one that debuted early in the month, and a much older version from 2004 which made an unexpected comeback.

"Businesses and individuals without computer protection in place are living in cloud-cuckoo-land," said Carole Theriault, Sophos senior security consultant, in a statement. "These worms can wreak havoc on a network but are easily controlled if an effective security policy is in place."