The malicious program, known as Bagle.Z, has not spread very quickly, said Vincent Gullotto, vice president of the antivirus emergency response team for Network Associates, which makes security software.
 | ||||
|
| | ||
|
Get Up to Speed on... Enterprise security  Get the latest headlines and company-specific news in our expanded GUTS section. |
| ||
|
|
||||
|
|
||||
"I don't anticipate this one to last long," he said, adding that the variant has had some initial success because the worm attaches itself to e-mail in a control panel file, which is an executable not used by virus writers before. "It is not a file that most people would typically block, so it may penetrate into some environments."
The release of Bagle.Z is the latest in what appears to be a contest between the writers of two worms: Bagle and Netsky. A recent version of Netsky, or Skynet, as the author calls it, included a promise by the writer to keep creating new versions as long as the creator of the Bagle worm keeps revising that program.
While there were at least six different versions of Netsky released in April, far fewer Bagle variants have been seen this month. Virus experts believe that the source code to the Netsky worm was leaked to the Internet by the author, and so it is likely that no single author created all the variants.
Several version of the Bagle worm were released in March. However, the program has not spread widely. E-mail service company MessageLabs reports having seen a relatively small number--several hundred--of the worm's e-mail messages, the company said in an e-mail release.
The variant continues the trend of using a randomly chosen name from a list of words for the subject of the message and for the attachment that contains the program. Additionally, the worm uses a graphic of three cherries, similar to a winning result on a slot machine, as the icon for the executable attachment, said Network Associates, which is planning to change its name to McAfee.
The attachment also contains these four lines of text, which appear in all-capital letters:
"Unique people make unique thingsThat things stay beyond the normal life and common understanding
The problem is that people don't understand such wild things,
Like a man did never understand the wild life."
Attaching a poem to a virus is not a new technique. In the early 1980s, what is believed to be the first Apple II virus displayed a poem every 50th time the infected computer started up.
More information on computer viruses and how to prevent them can be found at CNET's Virus Center.
