More Bagle, Mytob offshoots wriggle free
New variants are spreading, but won't pose a major threat if people remember to take usual precautions, security experts say.
Three new iterations of Bagle, released at one-hour intervals, popped up on Tuesday, said Maksym Schipka, a senior antivirus researcher at MessageLabs. About 70 variants of the mass-mailing computer virus have been reported since it first appeared in January 2004.
MessageLabs, which filters out malicious software from e-mail for clients, stopped nearly 100,000 copies of the Bagle variants in the first few hours after they hit, Schipka said. "We are seeing huge volumes," he said. MessageLabs said that the new versions appear to have originated from a Yahoo group.
The new Bagles do little to trick users into running their malicious content. The e-mail has no subject line or body text. The attachment is a ZIP archive that will attempt to download a Trojan horse from a list of Web sites, if unpacked and run. The Trojan harvests e-mail addresses from the PC to further spread the virus, Schipka said. It also installs a backdoor.
Mytob, like Bagle, is generating new offspring. It is a malicious worm that installs a backdoor and uses its own e-mail engine to forward itself to addresses that it gathers from infected computers.
Two new variants of Mytob have appeared over the past few days--one on Sunday and one on Tuesday, said Craig Schmugar, a virus research manager at McAfee.
New versions of Bagle and Mytob appear often. These recent ones are more of the same, said Alfred Huger, senior director of engineering at Symantec Security Response. "They are both, thankfully, fairly low-risk threats at this stage, in terms of their spread. We're seeing a low number of infections."
PC users can protect themselves by installing the latest updates for their antivirus software and using caution when opening e-mail attachments, the security providers said.