Here’s some more stuff from The Inquirer about the new Bagle worm (AV firm warns of fresh Bagle variant), which quotes F-Secure as saying it has issued a level two alert for a variant of Bagle which it said is propagating like crazy across the world. Some details:
The firm said Bagle.AT is a polymorphic worm arriving in emails and with a number of different headers. It’s similar to the other Bagles around, and attaches itself to emails as a .EXE file with .com, .exe, .scr and .cpl extensions. Typical text strings include “delivery service mail”, “delivery by mail”, “registration is accepted”, “is delivered mail” and “you are made active”. Bagle.AT also open a back door to PCs that listens on port 81, and is password encrypted. That allows the author of the worm to connect to PCs and let him or her execute programs. The infected machines are reported to the worm’s author.
Always hard to know at the time how much of this is hype, but I guess it’s worth knowing about it in case it isn’t.