Bagle and Lovgate variants pose new threat

Security experts have increased the risk assessment on two new virus variants: W32/Bagle.ad@MM and W32/Lovgate.ad@MM.

McAfee's Avert antivirus division raised the risk assessment to medium on both of the recently found viruses as they begin to spread.

The latest Bagle mutant, W32/Bagle.ad@MM, also known as Bagle.ad, is a mass-mailing worm that is packed using the UPX executable packer and comes in the form of a password-protected Zip file, with the password included in the message body as plain text or within an image.

McAfee has received "numerous reports" of the virus being spotted or infecting users, with most of the reports arriving from Japan, Australia, Germany and the UK.

Avert also warned on the W32/Lovgate.ad@MM infection, a worm that spreads via vulnerable systems on the web or local area network as well as email, sending itself to addresses found on the victim's machine in the form of a .zip archive or as a .pif or .scr file. It can also exploit the MS03-026 Windows vulnerability.

The security firm said that it first saw the Lovgate variant yesterday but has already received more than 100 samples of infections, both from real customer submissions and virus-generated mail from customers in Japan, Europe and the US.

More information from Avert on the Bagle and Lovgate worms can be found here.