Just previewing an email containing a URL that points to Bagle.Q may be enough to initiate the virus' download, according to internet security firms.
Trend Micro yesterday announced that the email containing the Bagle.Q URL was in circulation and flagged Bagle.Q as a medium level threat, warning that it opened backdoors to accept remote commands, and attempted to terminate anti-virus and firewall processes.
According to Trend Micro, the URL link does not need to be clicked on -- Bagle.Q exploited a vulnerability in Outlook and Outlook Express, and may automatically download if viewed using that software.
MessageLabs said that URL may be pointing to the (infected) computer that sent the email and that the 'From' field of the email was likely to be spoofed (faked), and that the email was likely to appear as a warning or notification (or a false-reply).
According to both security firms, this email should come with no attachments, but Trend said it suspected that Bagle.Q could also spread itself as email attachments.
Furthermore, Bagle.Q reportedly copied itself into Windows folders used in peer-to-peer file sharing, and attempted to disguise itself as an executable referring to popular applications, pornography or 'cracking' software.
MessageLabs said that a patch for the Outlook/Outlook Express vulnerability had been made available on the Microsoft website. The company said that protection could also be implemented by configuring the network firewall to block access to the internet via TCP port 81; this would prevent the email from automatically downloading the virus.
Trend Micro has offered a software removal tool for the virus and advice on how to remove it manually.