Another "I Love You" worm

Jun 23, 2006 14:03 GMT

Several online security companies, among them Sophos, MicroWorld, PandaLabs and Kaspersky Lab, have reported a new version of the infamous Bagle worm. This time the "I love You" message carries the Win32.Bagle.fy version of the worm in a password-protected .zip archive.

Win32.Bagle.fy uses its own SMTP (Simple Mail Transfer Protocol) engine to spread and has no fewer than 118 randomly generated names that it will use as senders for "I love you" e-mails. The worm is not acting on its own; other variants of the Bagle family, JN, JO, JP, and JQ, were also detected. The e-mails invariably contain a password and a protected .zip file, and the user is invited to open the archive using the supplied password. Once executed, the worm will lower the security level of the compromised computer and will begin downloading malware from no fewer than 99 sites in Poland, Russia and the Czech Republic.
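Because the archive is password-protected, a gateway scanner cannot inspect its contents, so a common mail-side control is to hold any message carrying an encrypted ZIP attachment. The sketch below is an added example, not code from the article or from any of the vendors named. It reads the ZIP encryption flag from each attachment; the function names, the sample addresses, the file name and the password text are all constructed for illustration.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted


def encrypted_zip_attachments(raw_message: bytes) -> list[str]:
    """Return names of ZIP attachments that hold an encrypted entry or fail to parse."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the extension or the declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        name = part.get_filename() or "<unnamed>"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(i.flag_bits & ENCRYPTED for i in zf.infolist()):
                    hits.append(name)
        except zipfile.BadZipFile:
            hits.append(name)  # cannot be listed, so it cannot be scanned either
    return hits


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: one mail with one ZIP attachment holding harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed test data")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # Set the flag in the central directory record (flags field at offset 8),
        # which is where archive listings are read from.
        cd = blob.find(b"PK\x01\x02")
        struct.pack_into("<H", blob, cd + 8, ENCRYPTED)
    msg = EmailMessage()
    msg["Subject"] = "I love you"
    msg["From"] = "sender@example.com"   # constructed address
    msg["To"] = "user@example.com"       # constructed address
    msg.set_content("Password: 12345")   # constructed body text
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="love.zip")
    return msg.as_bytes()
```
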

"It's always a tendency of the human psyche to open up a protected secret and nobody knows it better than the Virus writer," said Govind Rammurthy, CEO, MicroWorld Technologies. "Now when you club that penchant with a message that says 'I love you', coming from a rather common name, the whole thing adds up to the temptation and smoothly gets you into its vicious design. This is smart Social Engineering with a heady mix of emotional ploys."