The firm said Bagle.AT is a polymorphic worm arriving in emails and with a number of different headers.
It's similar to the other Bagles around, and attaches itself to emails as a .EXE file with .com, .exe, .scr and .cpl extensions.
Typical text strings include "delivery service mail", "delivery by mail", "registration is accepted", "is delivered mail" and "you are made active".
Bagle.AT also open a back door to PCs that listens on port 81, and is password encrypted. That allows the author of the worm to connect to PCs and let him or her execute programs. The infected machines are reported to the worm's author. µ
Sign up for INQbot – a weekly roundup of the best from the INQ