Trend Micro Medium Risk Virus Alert - WORM_BAGLE.AZ

Dear Trend Micro customer,

As of January 27, 2005 1:42 AM PST (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AZ. TrendLabs has received several infection reports indicating that this malware is spreading in the US, China, and Japan.

This WORM_BAGLE variant arrives on a system as an email attachment. It sends copies of itself to all email addresses it gathers from files with certain extensions but skips those addresses that contain particular strings.

===============================

Users must be wary of the emails it sends, which have the following details:

Subject: (any of the following)
    Delivery service mail
    Delivery by mail
    Registration is accepted
    Is delivered mail
    You are made active
    Thanks for use of our software.
    Before use read the help

Message body: (any of the following)
    Delivery service mail
    Delivery by mail
    Registration is accepted
    Is delivered mail
    You are made active
    Thanks for use of our software.
    Before use read the help

Attachments: (any of the following file names)
    guupd02.exe
    Jol03.exe
    siupd02.exe
    upd02.exe
    viupd02.exe
    wsd01.exe
    zupd02.exe

(with any of the following extensions)
    COM
    CPL
    EXE
    SCR

===============================

The email is spoofed and may appear to have come from a familiar email address. As a general rule, users should avoid opening the attachments of unsolicited email.

This worm drops a copy of itself using the following file names into the Windows system folder:
    sysformat.exe
    sysformat.exeopen
    sysformat.exeopenopen

It also looks for folders that have the string "shar", then drops copies of itself using file names with EXE extensions into those folders.

In addition, this worm terminates several processes, most of which are related to antivirus and security programs.

TrendLabs has uploaded the following:
    TMCM Outbreak Prevention Policy 140
    Official Pattern Release 2.375.00
    Damage Cleanup Template 495

For more information on WORM_BAGLE.AZ, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AZ

Contact firstname.lastname@example.org for inquiries and to report infections in your region.
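
Added example, not part of the Trend Micro alert: a Python check that a mail administrator could run over stored messages, matching the subject, body and attachment names listed in the alert. The function names and the sample message are constructed for illustration, and reading the listed file names as base names combined with any of the four extensions is an assumption.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the alert text (compared case-insensitively).
PHRASES = {
    "delivery service mail", "delivery by mail", "registration is accepted",
    "is delivered mail", "you are made active",
    "thanks for use of our software.", "before use read the help",
}
ATTACH_STEMS = {"guupd02", "jol03", "siupd02", "upd02",
                "viupd02", "wsd01", "zupd02"}
ATTACH_EXTS = {"com", "cpl", "exe", "scr"}


def matches_alert(raw: bytes) -> list:
    """Return which alert indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # Collapse folding and whitespace before comparing the subject.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in PHRASES:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text = " ".join(body.get_content().split()).lower()
        if any(p in text for p in PHRASES):
            hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, _, ext = name.rpartition(".")
        # Assumption: any listed base name with any listed extension.
        if stem in ATTACH_STEMS and ext in ATTACH_EXTS:
            hits.append("attachment:" + name)
    return hits


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message; the attachment holds harmless bytes."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

The subject and body phrases are generic on their own, so an attachment hit is the stronger signal when triaging results.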