A miserable month for Microsoft is continuing with warnings about yet another Windows worm.
Bagle.B might have been written by a gamer
Anti-virus companies have issued alerts about Bagle.B that is starting to appear in large numbers.
Like many other recent viruses it harvests addresses from the popular Outlook e-mail program and sends messages using its own e-mail engine.
Bagle.B also installs a backdoor in infected machines that could give some remote control over compromised PCs.
New virus, old tricks
Bagle.B is a variant of the original Bagle that was circulating in January this year.
The original Bagle posed as a calculator and tricked people into opening it.
Like its predecessor, and many other recent viruses, Bagle.B is triggered when a user opens the attachment on the e-mail bearing the malicious code.
As well as plundering e-mail address books, the virus also opens up a backdoor to give the virus' creator access to infected machines.
Any computer falling victim to the virus also reports its infection to a series of compromised websites, most of which are based in Germany.
From: (spoofed address)
Subject: ID (random characters)... thanks
Message: Yours ID (random characters)--Thank
Attachment: (random file name).exe
Anti-virus firms speculate that the creator of the virus is a keen gamer as the malicious program uses settings associated with Ultima Online. Also one of the sites that infected machines report to is all about computer games.
The virus is programmed to stop sending out e-mail after 25 February.
It is then expected to move into its second mode in which infected machines will be used as relays for spammers.
Efforts to combat spam mean that anyone wanting to send large amounts of e-mail must find an innocent machine to do it for them.
Since it was first seen on 17 February mail filtering firm MessageLabs has stopped more than 95,000 copies of the virus and infections have been seen in 66 countries.
It can infect machines running Windows 95, 98, ME, NT, 2000 and XP. The virus is known as Bagle.B as well as Alua@mm and Tanx-A.
Despite the sudden growth in Bagle.B numbers MessageLabs is still catching more copies of the Mydoom.A even though that virus was supposed to stop sending out infected e-mail messages on 12 February.
Security firms do not expect Bagle.B to become as widespread as Mydoom and urge people to update anti-virus software to ensure they are not caught out by the bug.