New Bagle variant using .zip attachments


The ever-present Bagle worm again is making the rounds, this time spreading as an emailed .zip attachment encrypted with a password.

Sophos said in a statement Tuesday that it discovered a new version of the worm, which usually finds itself at or near the top of security firms’ list of leading viruses.


In the latest version, the Bagle variant spreads via email using a subject line randomly selected from a list of 118 different names programmed into its code, according to Sophos. Zip files are attached to the emails, and the worm is encrypted inside the files. The message body contains phrases such as "I love you" and a five-digit numerical password that recipients can use to unlock and download the bug.

Once activated, the worm disables security applications and downloads malicious code from one of 99 websites, based in foreign countries such as Poland, Russia and the Czech Republic, according to Sophos.

"The worm uses a randomly generated password for its email image and for the .zip file, in an attempt to evade email filters," said Graham Cluley, Sophos’ senior technology consultant. "Users would be wise to resist the temptation of opening unsolicited attachments, and ensure their anti-virus protection is kept up-to-date."

Finnish security vendor F-Secure said on its blog this week that it recently has received numerous reports of the worm.

"We usually receive new Bagle variants once or twice a week, but for the past week, we have received a new Bagle once per day," according to F-Secure.

Copyright © SC Magazine, US edition