A URL that had previously infected machines became active again early Sunday morning, sending new versions of malicious spamming software about once a minute, according to security vendor F-Secure.
"This is one of those new nasty download links that provide a new, uniquely repackaged version of the malware every 50 seconds or so," said Mikko Hypponen, F-Secure chief research officer.
The malicious download link had resided at http://www[dot]bbrealservis[dot]sk, a real estate agency in Slovakia, according to F-Secure, which called the modified versions of the virus SpamTool.Win32.Bagle.g.
The link on the Slovakian site was shut down later Sunday, but malicious users began the same operation from a URL called http://www[dot]benininfo[dot]com.
Several security firms warned late last month that a new version of the Bagle worm was in the wild, called W32/Bagle.GI by F-Secure and Bagle.ew by McAfee.
That version had encouraged PC users to visit a hacked Indian website.
Another variant, called Bagle-DO, had appeared in early March, threatening users with faux lawsuits to get them to open malicious attachments.
_(28).jpg&h=140&w=231&c=1&s=0)
_(23).jpg&h=140&w=231&c=1&s=0)
iTnews Benchmark Awards 2026
iTnews Executive Retreat - Security Leaders Edition
iTnews Cloud Covered Breakfast Summit
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
