Security fears raised for new Bagle attack
F-Secure is warning that a Bagle attack could be imminent as a number of the URLs accessed by the viruses have been re-activated.
The company says the URLs have been loaded with a new 188KB executable file, which computers currently infected by the Bagle virus will begin downloading.
The new executable causes the infected machines to start pumping out emails with a new variant of the virus. F-Secure says that the emails have attachments with filenames related to price lists.
The emails include a GIF image that displays the password needed to open the attachment. Once the attached ZIP file is run, it installs the file and opens a fake error code in Notepad or Registry Editor.
It also uses a rootkit to hide its presence on infected systems.
F-Secure says it has already added protection against the new variant.