Bagle.z

W32/Bagle.z@mm (aka worm_bagle.X@mm by Trend Micro) Last Updated 4/26/04 4:30PM

CIT has been notified of an email virus called W32/Bagle.z@mm. This is a mass-mailing worm that harvests email addresses from infected machines. Emails are forged to appear to be sent by an address from the @nih.gov domain. This mass-mailing worm has two attachments included. Recent email samples show a .jpg and a .cpl attachment.

From: alias@nih.gov

• annie@ (domain of recipient)
• christina@ (domain of recipient)
• christy@ (domain of recipient)
• jessie@ (domain of recipient)
• lizie@ (domain of recipient)
• secretGurl@(domain of recipient)

Examples of subjects lines are:

• Hey!
• Let's talk, my friend!
• Hello!
• Hey!
• Let's socialize, my friend!
• Let's talk, my friend!
• I'm bored with this life
• Notify from a known person ;-)
• I like you
• I just need a friend
• I'm a sad girl...
• Re: Msg reply
• Re: Hello

Body: varies

Example

Hi,

(embedded .jpg image here)

I'm a young lady of 20 years old i'd like to find my second part!!!

Further details are in attach.
Cheers, SecretGurl

Attachment:(Two attachments, Possibly a .jpg and .cpl file)

Example