More Worms Assault E-Mail Users

The most dangerous of the three, Bagel.U, was detected by security firm Panda Software, Glendale, Calif. Bagel.U attacks from within an e-mail message that has no subject and no body copy. The worm bears an attachment with a file name that varies, but it always has an "EXE" extension, Panda Software said in a statement.

If installed in an affected computer, Bagel.U can be recognized because it opens the Windows game Hearts, which is bundled with most Windows PC operating systems, according to Panda.

Bagel.U has a backdoor that opens TCP port 4751. The worm then tries to connect with a Web page hosting a PHP script, which is the process it uses to notify its author that the PC it resides in can be accessed through TCP port 4751, Panda said.

A weakness of Bagel.U is that the worm can only operate within a PC that has a running system date of Jan. 1, 2005 or earlier. PCs with system dates after Jan. 1, 2005 disable the worm, according to Panda.

Posing a lesser threat are two mass-mailer worms--MYWIFE.A and SNAPPER--identified Friday by the McAfee Avert team of Network Associates, Santa Clara, Calif.

MYWIFE.A and SNAPPER are both rated as a "low" threat by McAfee. MYWIFE.A is somewhat identical to the "MyLife" virus and spreads via e-mail attachments. SNAPPER spreads by e-mailing what appears to be blank messages but are really intended to exploit a weakness in Microsoft operating systems. Its purpose is "downloading other remote scripts that drop and run the worm on the victim's machine," the McAfee Avert team said in a statement.