Fortinet protects against W32/Bagle.CJ-mm (also known as W32/Mitglieder.FE). Latest Trojan Unexpectedly Disables Firewall, Antivirus and Other Security Applications Upon Opening Email Attachments

A new Trojan, W32/Bagle.CJ-mm is received via an email with .exe or .zip file attachments that contain a malicious executable file, which injects itself into Windows Explorer processes and stays resident in memory upon execution. As a Trojan, W32/Bagle.CJ-mm is spammed and does not spread by itself. Upon opening related attachments, the Trojan affects users by unexpectedly disabling firewall, antivirus and other security related applications, renaming files, deleting processes and generally lowering security settings. This latest Trojan is affecting users worldwide and Fortinet rates W32/Bagle.CJ-mm as a "Level Four" threat given that it is currently being spammed out in very large numbers. To protect against W32/Bagle.CJ-mm, Fortinet advises against opening simplistic email messages with .exe or .zip attachments, as well as attachments within emails from unknown senders. For instance, Fortinet advises against opening the attachment within the following example email:

Subject: new price
Body: price

For further information on W32/Bagle.CJ@mm, please visit Fortinet's virus encyclopedia at:

For more information on Fortinet's FortiGuard Distribution Network please visit: