Yet another threatening Bagle worm showed up on Friday, March 3. Unlike the previous Bagle worms, security companies and other solution providers state this one makes threats to call lawyers on the recipient instead of the police.
The UK-based company Sophos said that Bagle.do spreads through emails that have misspelled subject lines including the following: “Call to your lawer immediately” and “Lawsuit against you.” The actual body of the message takes on many different forms, but all of them state legal claims from identity theft to fax spamming to the sender’s fax machine or computer.
The file attached to the message has varying names, including “lawsuit.exe” and “explanation.exe,” and claims to have legal documents which are actually the worm. Opening and running the file infects the recipient’s PC with a backdoor and decreases the machine’s security settings. If left untreated, it may also end up downloading unwanted and harmful code to the entire system from different websites.
The Bagle.do worm also spreads via peer-to-peer file sharing by imbedding copies of itself in various folders used by P2P applications including KaZaa and Limewire.
Solution providers and security companies say those that receive this email won’t believe it is meant for them, but they might respond to the sender to tell the person it was sent to the wrong person. What causes the infection is actually opening the attachment, which is how the recipient will infect his/her computer and risk passing it to other users.
Anti-virus companies have called the worm by different names. McAfee called it “Bagle.dy,” and Symantec called it “Bagle.dx.” McAfee reported that the creator of the worm put a message inside the malicious code: “In a difficult world In a nameless time I want to survive So, you will be mine!!”
Blogged By: Computer Consulting 101