Bagle attack comes in two waves

Two waves of spam were launched this week to send out new variants of the Bagle Trojan horse, antivirus company Sophos said.

All versions of the Bagle DI-U Trojan try to turn off antivirus and security software, and to block access to security Web sites, in an attempt to strip away a PC's immune system, enabling hackers to gain access, Sophos said in a statement Wednesday.

There are strong similarities between the two waves of spammed messages bearing the Trojan, according to Sophos. In both, the subject line is blank, the body message text is "new price," and the malicious file attached could be identified with names such as "09_price.zip," "price_new.zip," and "price2.zip."

Bagle has spawned at least 70 variants since the virus emerged in January 2004. Some iterations have been more sophisticated than others, blending mass-mailing and Trojan horse techniques.

Sophos advised taking the usual precautions against such attacks. "All computer users must avoid opening unsolicited e-mail attachments and ensure that their antivirus protection is up-to-date," Carole Theriault, a senior security consultant at the antivirus company, said in a statement.

Theriault said corporate Internet users should also consider blocking all executable code from entering their networks via e-mail.

CNET News.com's Joris Evers contributed to this report.