Panda issues alert for Bagle twins

NEW DELHI: PandaLabs has detected the appearance of new worms Bagle.BK and Bagle.BL. They are both designed to spread rapidly via email -in messages that use social engineering-using P2P applications like KaZaA.






Panda Software's international support network has already begun to register incidents caused by Bagle.BL in countries such as Holland and the USA, and it is likely, given the characteristics, that the number of computers affected by the worms will start to increase. With this in mind, Panda Software has set the virus alert level at orange.





Bagle.BK and Bagle.BL reach computers in email messages with spoofed sender addresses and with subject fields chosen at random from a list of options. Possible subjects include: "Delivery by mail" or "Delivery service mail". The message text may include phrases like: "Before use read the help" or"Thanks for use of our software". The message attachments, which actually contain the worms, have variable names, although their extension is always COM, CPL, EXE or SCR.





The most dangerous action that both variants of Bagle take is the termination of processes in memory related to antivirus and security applications, leaving computers defenseless against further attack. They also make several entries in the Windows registry to ensure they are run every time the system is started up and delete others that could exist as the result of infection by variants of Netsky.