Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have announced the discovery of a new version of the Bagle worm spreading via email systems.
The W32/Bagle-KL worm spreads as a Zip email attachment, encrypted with a password. The randomly generated numerical password is communicated to the recipient by embedding an image into the email.
The emails invite the user to open the Zip file using a password.
The worm spreads via email using a subject line randomly chosen from 118 different names programmed into its code. The list of names includes:
Ann, Anthonie, Constance, Emanual, Frances, Geoffraie, Harrye, Humphrie, Judith, Margerie, Michael, Nicholas, Robert, Winifred, Johen, Thomas
Attached to the email are Zip files, which are created using the chosen name. Examples include:
Edmund.zip, Nicholaus.zip, Dorithie.zip, Henry.zip, Daniel.zip, Nycholas.zip, Judeth.zip, Sybyll.zip, Winifred.zip, Bennett.zip, and John.zip.
News Source:
infozine.com 
New Bagle Email Worm Spreading via Encrypted Zip File 
