Security

Bagle keeps on toasting PCs

Publicly available source code means the latest variant of the virus won't be the last.

Stay on top of the latest tech news with our free IT News Digest e-newsletter, delivered each weekday. Automatically sign up today!

By Robert Lemos
CNET News.com

A new version of the Bagle computer virus started spreading on Monday among PCs connected to the Internet, and antivirus companies warned that more variants are sure to come.

The latest virus, called Bagle.AI by some antivirus companies and Beagle.AG by others, spreads through e-mail as an attached file, which infects a user's PC when opened. The virus is but uses a different form of compression as a way to dodge virus defenses.

"It really looks likes someone took the source code and changed a small number of things and then re-released it," said Oliver Friedrichs, senior manager for antivirus company Symantec's security response team.

Symantec rated the virus as a three on its five-point scale, and rival McAfee called Bagle.AI a medium threat.

The latest Bagle virus is the fourth variation found by antivirus companies in a week. Earlier this month, the program's writer released a version of the virus that , the computer commands that can be compiled to make the virus. Antivirus companies believe the move will lead virus writers to create a greater number of variants.

"When the source code is available, it opens up the door to anyone making changes and releasing a new variant," Symantec's Friedrichs said. "It lowers the bar quite dramatically."

Another program with publicly available source code, , has more than 900 variations.

Bagle.AI arrives in e-mail as an attached file and infects computers running the Windows operating system if the user opens the file. The program harvests e-mail addresses from the infected machine and sends out messages to every address, with itself attached. The "from" field in the e-mail is forged to confuse the source of the message.

Like , the program also attempts to stop more than 250 security applications from running on the computer and contacts one of nearly 150 German Web sites to let the attackers know of their latest conquest.

The virus also copies itself to any directory that bears a name containing the word "shar," a means of targeting users of peer-to-peer software and to spread across network shares.

Computers compromised by the virus will likely be open to exploitation by spammers.

Editor's Picks

Free Newsletters, In your Inbox