Experts: Spread of agile 'Bagle' worm subsides

The swift spread of an e-mail worm that surfaced over the weekend appears to have reached its peak and may be subsiding, computer security experts said Tuesday.

Dubbed "Bagle" or "Beagle," the subject line of the worm simply reads "Hi" with "test : )" in the body of the message. Once a person clicks on the attachment, the worm sends itself to the recipient's e-mail address book. The worm also randomly selects a name from the address book to use as a return address in the messages it sends.

By spoofing a familiar e-mail address, experts said the person who receives it could be duped into trusting the content.

"Unfortunately there's still ... computer users out there who will click on anything they receive by e-mail," said Chris Belthoff, an analyst at computer security firm Sophos.

Belthoff said when recipients click on the attachment, the virus launches the Windows calculator to disguise the damage it is doing. Behind the scenes, the "Bagle" code also attempts to install a Trojan horse or backdoor program that could allow a hacker to gain remote access to an infected computer.

However, Belthoff said Sophos had received no reports of any overwhelmed networks or hacked computers.

"We're starting to see the activity die down, and we don't expect it to pick up after this," Belthoff said. "But I wouldn't be surprised to see it pick up again in late January or early February."

The "Bagle" virus is coded to expire on January 28, which security experts say is a possible sign that the creator may be using it as a test before sending out more sophisticated variants of it in the future.