Bagle-infected PCs uploading new spam software

PCs already infected with variations of the Bagle virus began uploading new malware on Sunday.

A URL that had previously infected machines became active again early Sunday morning, sending new versions of malicious spamming software about once a minute, according to security vendor F-Secure.

"This is one of those new nasty download links that provide a new, uniquely repackaged version of the malware every 50 seconds or so," said Mikko Hypponen, F-Secure chief research officer.

The malicious download link had resided at https://www[dot]bbrealservis[dot]sk, a real estate agency in Slovakia, according to F-Secure, which called the modified versions of the virus SpamTool.Win32.Bagle.g.

The link on the Slovakian site was shut down later Sunday, but malicious users began the same operation from a URL called https://www[dot]benininfo[dot]com.

Several security firms warned late last month that a new version of the Bagle worm was in the wild, called W32/Bagle.GI by F-Secure and Bagle.ew by McAfee.

That version had encouraged PC users to visit a hacked Indian website.

Another variant, called Bagle-DO, had appeared in early March, threatening users with faux lawsuits to get them to open malicious attachments.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.