New e-mail worm on the creep

An unwelcome bagel is spoiling the morning for growing numbers of e-mail systems administrators.

A new mass-mailing worm, known as W32/Bagel-A or just Bagel.A, spread rapidly in past weeks in Europe and began showing up in the United States in mid-January.

According to iDefense Inc. of Reston, Va., Bagel.A crossed the Atlantic and quickly began spreading, resulting in more than 50,000 interceptions before Martin Luther King Jr. day was over.

The worm contains the subject "Hi" and the message text reads "Test)".

"There's nothing particularly enticing about the message sent out by Bagel, yet it spreads with very good success in the wild," said Ken Dunham, director of malicious code at iDefense. "It appears that being brief and saying little, even if the content is vague and scarce, is a highly effective method for spreading malicious code."

Bagel also contains a spoofed "from" address and a 15.87K executable attachment with a random file name. When executed, the attachment attempts to create the file BBEAGLE.EXE in the Microsoft Windows System directory, disguising itself with the Microsoft calculator icon. It mass-mails itself to addresses harvested from the compromised computer.

Macintosh, Linux and Unix systems are unaffected by the new worm.