Massed bagles launch their attack

Antivirus company F-Secure has dubbed today 'Bagle day', after finding three variants of the self-sending virus
Written by Dan Ilett, Contributor

Antivirus experts have declared today as 'Bagle day' after discovering three variants of the virus within a few hours.

The variants apparently modify themselves by stealing file icons stored on hard drives and attach them to the emails they spread with. The laboratory technicians at F-Secure found one of the variants (Bagle.AV) on a Web site accessed by another version of the virus.

Bagle.AV, the company said on its Web log, was likely to be a prototype as it only sent itself to a limited number of email addresses. The virus even borrowed an F-Secure icon when it sent itself.

"This is probably a test variant because it just has a bunch of addresses in its email folder," said Patrik Runald, technical manager for F-Secure. "The others are self-perpetuating viruses that travel via email and peer-to-peer file sharing folders."

According to the firm, Bagle.AT appeared shortly afterwards and was causing 36 percent of the company's virus reports at the time of writing. F-Secure said that Bagle.AT, which was given a level-two threat alert, was number one in the virus statistics today.

The third variant of the virus, Bagle.AU, popped its head around the corner shortly afterwards. F-Secure said that the virus had the same functionality as Bagle.AT, but used a different control panel applet to execute with. Bagle.AU was ranked as number 12 in the company's virus statistics.

"It's a massmailer like .AT," said Runald. ".AU is a replicated variant, but the fundamentals of the virus are the same."

Editorial standards