Content

Bagle-infected PCs uploading new spam software

PCs already infected with variations of the Bagle virus began uploading new malware on Sunday.

A URL that had previously infected machines became active again early Sunday morning, sending new versions of malicious spamming software about once a minute, according to security vendor F-Secure.

"This is one of those new nasty download links that provide a new, uniquely repackaged version of the malware every 50 seconds or so," said Mikko Hypponen, F-Secure chief research officer.

The malicious download link had resided at https://www[dot]bbrealservis[dot]sk, a real estate agency in Slovakia, according to F-Secure, which called the modified versions of the virus SpamTool.Win32.Bagle.g.

The link on the Slovakian site was shut down later Sunday, but malicious users began the same operation from a URL called https://www[dot]benininfo[dot]com.

Several security firms warned late last month that a new version of the Bagle worm was in the wild, called W32/Bagle.GI by F-Secure and Bagle.ew by McAfee.

That version had encouraged PC users to visit a hacked Indian website.

Another variant, called Bagle-DO, had appeared in early March, threatening users with faux lawsuits to get them to open malicious attachments.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds