W32/Bagle.t@MM

Discussion in 'malware problems & news' started by Marianna, Mar 18, 2004.

Thread Status:
Not open for further replies.
  1. Marianna (Spyware Fighter)
     Joined: Apr 23, 2002 | Posts: 1,215 | Location: B.C. Canada
    Virus Information
    Discovery Date: 03/18/2004
    Origin: Unknown
    Length: 25,600 Bytes
    Type: Virus
    SubType: E-mail worm

    A new variant of W32/Bagle@MM has been received which is detected and repaired as W32/Bagle.t@MM with the 4340 DATs and higher (with scanning of compressed files enabled).

    This variant is very similar to W32/Bagle.q@MM:

    - contains its own SMTP engine to construct outgoing messages
    - uses a Microsoft vulnerability found in security bulletin MS03-032 to download the worm on port 81 without the user running the attachment
    - harvests email addresses from the victim machine
    - the From: address of messages is spoofed
    - contains a remote access component (notification is sent to hacker)
    - copies itself to folders that have the phrase "shar" in the name (such as common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)
    - encrypted polymorphic parasitic file infector

    http://vil.nai.com/vil/content/v_101112.htm
     
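A defender-side check for the share-folder propagation described in the post above, written here as an added example (not McAfee's or the poster's code): it walks a directory tree, flags executables sitting in any folder whose name contains "shar", and notes whether each file's size equals the 25,600-byte length reported in the advisory. The folder names and file sizes in the sample tree are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Length reported above for W32/Bagle.t@MM; a size match alone is weak evidence, so it is reported, not decisive.
BAGLE_T_LENGTH = 25_600
SHARE_HINT = "shar"                      # the worm drops into any folder with "shar" in its name
EXEC_SUFFIXES = {".exe", ".scr", ".pif", ".com"}

def share_named(parts) -> bool:
    """True if any path component contains 'shar' (case-insensitive):
    KaZaA's 'My Shared Folder', LimeWire's 'Shared', 'Bearshare', and so on."""
    return any(SHARE_HINT in str(part).lower() for part in parts)

def scan_share_folders(root):
    """(relative path, size, size == advisory length) for each executable in a
    share-named folder under root; only root's own name and below are examined."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        if not share_named((root.name,) + rel_dir.parts):
            continue
        for name in files:
            if Path(name).suffix.lower() in EXEC_SUFFIXES:
                full = Path(dirpath) / name
                size = full.stat().st_size
                hits.append((full.relative_to(root).as_posix(), size, size == BAGLE_T_LENGTH))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample layout (zero-filled files, not real samples)."""
    layout = {
        "KaZaA/My Shared Folder/setup.exe": BAGLE_T_LENGTH,   # executable, size matches
        "KaZaA/My Shared Folder/song.mp3": 4096,              # not an executable
        "LimeWire/Shared/patch.scr": 1024,                    # executable, size differs
        "Documents/report.exe": BAGLE_T_LENGTH,               # right size, not a share folder
    }
    for rel, size in layout.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"\0" * size)

def demo():
    """Build the sample tree in a temporary directory, scan it, return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "drive"
        build_sample_tree(base)
        return scan_share_folders(base)
```

Run `scan_share_folders` against a real P2P install directory to list the same kind of hits; anything it flags still needs a scan with current DATs before it is treated as an infection.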