With all eyes apparently on the GREW.A worm (aka: Blackworm), which is set to attack on Friday, according to anti-virus vendor Trend Micro, security experts have discovered a new variant of the notorious BAGLE family of worms has begun popping up around the world – apparently to capitalise on the diversion of attention.

According to Adam Biviano, senior systems engineer, Trend Micro Australia and New Zealand, a total of seven malicious files have been attributed to WORM_BAGLE.CL thus far, with more likely to surface throughout the coming days. Biviano said the author’s use of all of a variety of techniques has enabled the relatively recent BAGLE variants to spread more quickly than most other malware.

“These techniques point to the malware author's ability to launch new variants into the field,” Biviano said.  “Utilizing an established BOT network gives the author access to potentially hundreds of thousands of previously infected machines that can act as the launch pad for all new variants.  This essential foundation, coupled with the use of both a tri-component technique and a packer with polymorphic capabilities, created a relatively successful strain, despite the odds stacked against it.”

Security experts warn that WORM_BAGLE.CL could possibly mark the re-emergence of a concerning trend.  A future variant utilizing a better propagation technique (as we saw with BAGLE variants in September 2005) and more effective social engineering could lead to a significant number of infections.