W32/Bagle.s@MM

Discussion in 'malware problems & news' started by Marianna, Mar 18, 2004.

Thread Status:
Not open for further replies.
  1. Marianna (Spyware Fighter; joined Apr 23, 2002; posts: 1,215; location: B.C. Canada)

    Virus Information
    Discovery Date: 03/18/2004
    Origin: Unknown
    Length: 26,557 bytes
    Type: Virus
    SubType: E-mail worm

    Update March 18th 2004 08:25 PST --
    This threat has been deemed Low-Profiled due to media attention at the following site:
    http://zdnet.com.com/2100%2D1105%2D5175172.html
    --
    A new variant of W32/Bagle@MM has been received.


    This variant is very similar to W32/Bagle.q@MM:

    - contains its own SMTP engine to construct outgoing messages
    - uses a Microsoft vulnerability found in security bulletin MS03-032 to download the worm on port 81 without the user running the attachment
    - harvests email addresses from the victim machine
    - the From: address of messages is spoofed
    - contains a remote access component (notification is sent to hacker)
    - copies itself to folders that have the phrase "shar" in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc.)
    - encrypted polymorphic parasitic file infector

    http://vil.nai.com/vil/content/v_101111.htm
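
Added example, not part of the original post or the vendor write-up: a small triage script that walks a directory tree, finds folders whose name contains "shar" (the copy target described above), and lists the executables inside them, marking any whose size equals the reported 26,557 bytes. The function name and the extension list are assumptions; a size match is only a triage hint, since the post describes the worm as a polymorphic file infector.

```python
import os
import sys
from pathlib import Path

REPORTED_LENGTH = 26_557  # "Length" field quoted in the post above
# Assumption: extensions worth reviewing; not taken from the post.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com"}


def audit_share_folders(root):
    """Return executables found in folders whose own name contains 'shar'.

    Each finding is a dict with the file path, its size, and whether the
    size equals the length reported for this variant. Size matches sort first.
    """
    findings = []
    # os.walk does not follow symlinks by default; unreadable dirs are skipped.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        if "shar" not in Path(dirpath).name.lower():
            continue
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() not in EXEC_EXTS:
                continue
            try:
                size = path.stat().st_size
            except OSError:
                continue  # file vanished or is not readable
            findings.append({
                "path": str(path),
                "size": size,
                "length_match": size == REPORTED_LENGTH,
            })
    findings.sort(key=lambda f: (not f["length_match"], f["path"]))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in audit_share_folders(target):
        flag = "SIZE-MATCH" if f["length_match"] else "review"
        print(f"{flag:10} {f['size']:>10}  {f['path']}")
```

Files it lists are candidates for a scan with current antivirus definitions, not confirmed infections.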
     