Special to CNET News.com
A new variant of the Bagle worm is circulating, antivirus companies say.
The variant, BagleDl-L, is a Trojan horse that damages security applications and attempts to connect with a number of Web sites. According to antivirus companies F-Secure and Sophos, these Web sites currently contain no malicious code, but both companies believe this could soon change.
"Any Trojan horse which turns off your antivirus or firewall can open you up to further attack, even by very old viruses," Graham Cluley, senior technology consultant for Sophos, said in a statement. "This Trojan horse is aiming to take advantage of people's reflex reaction when they receive an executable file via email. Users who want to install software on their computer should be receiving it from their IT department, not from friends at other companies or potentially dangerous spam mailings."
Variants of Bagle, which surfaced more than a year ago, continue to proliferate.
Unlike mass-mailing worms, the Trojan does not self-propagate, but the security companies have highlighted it because a high number of e-mails containing it have been detected.
For this Trojan to work, a certain amount of social engineering is required because the e-mails contain a ZIP-file attachment that must be opened to display the programs "doc_01.exe" or "prs_03.exe," which must also be run manually to infect a computer.
The detection of BagleDl-L comes just days after Send-Safe.com, which offered spamming tools, was kicked off Internet service provider MCI's network. Send-Safe is said to use PCs that have been compromised by Trojan horses to propagate spam.
Dan Ilett of ZDNet UK reported from London.