Several new variants of the Bagle downloader trojan and corresponding email worm have surfaced recently. These new variants use ZIP files with an individual's name as a social engineering scheme to appear as possibly safe attachments. Users should avoid opening any email attachment until it has been tested to ensure it safe even on legitimate email correspondence.
Bagle - McAfee Information
This is a downloader trojan. However, like previous Bagle variants, it is likely that in the near future, the author(s) will post an accompanying EXE file on a remote server, which SPAMs new versions of Bagle (not to addresses harvested on the local system, but to addresses specified in spam lists also on remote web servers). This trojan was mass-spammed in a ZIP attachment and uses peoples names as the filenames:
- Edmund.zip
- Elizabeth.zip
- Fraunces.zip
- Grace.zip
- Henrie.zip
- Jeames.zip
Symantec information is noted below:
Several reports from Sophos are noted below: