A new version of the Bagle virus is making the rounds of the Internet. Known as Bagle.B, the virus is a mass-mailer like the original Bagle and also includes a component that notifies the author each time a new machine is infected.

Anti-virus companies say they have seen several dozen submissions of Bagle.B from customers Tuesday morning.

The new variant arrives in an e-mail with a spoofed sending address and a subject line that contains the term "ID" followed by a string of random characters. The text of the message simply says: "Yours ID" followed by another bunch of random characters.

The attachment is an executable file with a random file. Once the user executes the file, the virus mails itself to all of the names found on the user's hard drive, with the exception of addresses in the Hotmail, MSN, Microsoft and AVP domains.

Bagle.B also opens port 8866 and begins listening for remote connections, according to an analysis done by Network Associates Inc.'s McAfee AVERT team. The virus also sends an HTTP notification, presumably to the author, notifying him that the machine is infected.

Bagle.B first appeared Tuesday and has been gaining momentum throughout the morning, anti-virus companies said.

http://www.digitalbetas.com/

nik