All versions of the Bagle DI-U Trojan try to turn off antivirus and security software, and to block access to security Web sites, in an attempt to strip away a PC's immune system, enabling hackers to gain access, Sophos said in a statement on Tuesday.
There are strong similarities between the two waves of spammed messages bearing the Trojan, according to Sophos. In both, the subject line is blank, the body message text is "new price," and the malicious file attached could be identified with names such as "09_price.zip," "price_new.zip," and "price2.zip."
Bagle has spawned at least 70 variants since the virus emerged in January 2004. Some iterations have been more sophisticated than others, blending mass-mailing and Trojan horse techniques.
Sophos advised taking the usual precautions against such attacks. "All computer users must avoid opening unsolicited e-mail attachments and ensure that their antivirus protection is up-to-date," Carole Theriault, a senior security consultant at the antivirus company, said in a statement.
Theriault said corporate Internet users should also consider blocking all executable code from entering their networks via e-mail.
Tom Espiner of ZDNet UK reported from London. CNET News.com's Joris Evers contributed to this report.