Discussion in 'malware problems & news' started by Randy_Bell, Feb 21, 2004.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    WORM_BAGLE.B is a memory-resident, mass-mailing worm that propagates by sending copies of itself using SMTP. It sends email with the following:

    From: <a spoofed address>
    Subject: ID btm... thanks
    Message Body: Yours ID smcyfjkfer
    Attachment: <a randomly named .EXE file>

    It drops a copy of itself in the Windows System folder as AU.EXE, using the icon for files associated with Microsoft Sound Recorder. It runs on Windows 95, 98, ME, NT, 2000, and XP.

    Upon execution, this worm checks the system date. If the date is later than February 25, 2004, it immediately terminates. It also creates a registry entry that allows it to automatically execute at every Windows startup. In addition, it launches SNDREC32.EXE or Microsoft Sound Recorder upon execution.

    This worm propagates by mass-mailing copies of itself using SMTP. It obtains email addresses from .HTM, .HTML, .TXT and .WAB files, and skips addresses that contain .r1u, @hotmail.com, @msn.com, @microsoft, and @avp.

    WORM_BAGLE.B also has backdoor capabilities. It opens a port and listens for remote connections, and may also download and execute an updated copy of itself.

    If you would like to scan your computer for WORM_BAGLE.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

    WORM_BAGLE.B is detected and cleaned by Trend Micro pattern file #767 and above.