W32/Bagle.t@MM

Discussion in 'malware problems & news' started by Marianna, Mar 18, 2004.

Thread Status:
Not open for further replies.
  1. Marianna
    Virus Information
    Discovery Date: 03/18/2004
    Origin: Unknown
    Length: 25,600 Bytes
    Type: Virus
    SubType: E-mail worm

    A new variant of W32/Bagle@MM has been received which is detected and repaired as W32/Bagle.t@MM with the 4340 DATs and higher (with scanning of compressed files enabled).


    This variant is very similar to W32/Bagle.q@MM:

    - contains its own SMTP engine to construct outgoing messages
    - uses a Microsoft vulnerability found in security bulletin MS03-032 to download the worm on port 81 without the user running the attachment
    - harvests email addresses from the victim machine
    - the From: address of messages is spoofed
    - contains a remote access component (notification is sent to the hacker)
    - copies itself to folders that have the phrase "shar" in the name (such as common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)
    - encrypted polymorphic parasitic file infector

    http://vil.nai.com/vil/content/v_101112.htm
     