This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.
Email-Worm:W32/Bagle.D is very similar to Email-Worm:W32/Bagle.C, which was only released roughly 12 hours before this newer variant emerged.
There are very few differences in the C and D variants; they have the same sizes and same functionality, and the e-mails sent by them are identical. The major difference involves changes to the D variant to allow it to avoid detection by some antivirus programs.
Another, more minor change, involves a mutex installed by the worm to prevent it from installing on an already infected machine; Bagle.C uses the mutex name ""imain_mutex", whereas Bagle.D uses "iain_m2".
Bagle.D was found in the wild on February 28th, 2004