As of October 29, 2004 9:40 AM (GMT -7:00; Daylight Saving Time), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AU. TrendLabs has received several infection reports indicating that this malware is spreading in US, Japan, Sweden, Germany, Mexico, France, Argentina, Chile, Brazil, and Canada.
Like other BAGLE variants, the success of this worm may be attributed to its plain and brief email messages that bear the following details:
Subject any of the following
• Re: Hello
• Re: Hi
• Re: Thank you!
• Re: Thanks :)
Message body: any of the following
any of the following
with the following extension names
This worm scans an infected system for files with certain extension names to acquire its target recipients. It then uses its own SMTP engine and the domain servers of its harvested email addresses for its mailing routine. Unsuspecting users may then receive email messages from trusted acquaintances and readily execute the attachment, thus launching this worm.
For more information on WORM_BAGLE.AU, you can visit the Trend Micro Web site.