WORM_BAGLE.B

Discussion in 'malware problems & news' started by Randy_Bell, Feb 21, 2004.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    WORM_BAGLE.B is a memory-resident, mass-mailing worm that propagates by sending copies of itself using SMTP. It sends email with the following:

    From: <a spoofed address>
    Subject: ID btm... thanks
    Message Body: Yours ID smcyfjkfer
    --
    Thank
    Attachment: <a randomly named .EXE file>

    It drops a copy of itself in the Windows System folder as AU.EXE, using the icon for files associated with Microsoft Sound Recorder. It runs on Windows 95, 98, ME, NT, 2000, and XP.

    Upon execution, this worm checks the system date. If the date is later than February 25, 2004, it immediately terminates. It also creates a registry entry that allows it to automatically execute at every Windows startup. In addition, it launches SNDREC32.EXE or Microsoft Sound Recorder upon execution.

    This worm propagates by mass-mailing copies of itself using SMTP. It obtains email addresses from .HTM, .HTML, .TXT and .WAB files, and skips addresses that contain .r1u, @hotmail.com, @msn.com, @microsoft, and @avp.

    WORM_BAGLE.B also has backdoor capabilities. It opens a port and listens for remote connections, and may also download and execute an updated copy of itself.

    If you would like to scan your computer for WORM_BAGLE.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

    WORM_BAGLE.B is detected and cleaned by Trend Micro pattern file #767 and above.
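
A mail-filter check built from the message template described in the post above. This is an added example, not part of the original post or Trend Micro's detection logic. The function names are hypothetical, the sample messages are constructed, and the random tokens ("btm", "smcyfjkfer") are assumed to be runs of letters.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Patterns taken from the template quoted in the post; the assumption is that
# the random parts of the subject and body are letters only.
SUBJECT_RE = re.compile(r"^ID\s+[a-z]+\.\.\.\s*thanks$", re.IGNORECASE)
BODY_RE = re.compile(r"^Yours ID\s+[a-z]+\s*$", re.IGNORECASE | re.MULTILINE)

def bagle_b_indicators(raw_message: bytes) -> list[str]:
    """Return which of the post's mail indicators a raw message matches."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if SUBJECT_RE.match((msg["Subject"] or "").strip()):
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_RE.search(body.get_content()):
        hits.append("body")
    for part in msg.iter_attachments():
        # The attachment name is random, so only the extension is checked.
        if (part.get_filename() or "").lower().endswith(".exe"):
            hits.append("exe_attachment")
            break
    return hits

def is_suspect(raw_message: bytes) -> bool:
    """Flag only when template text and an .EXE attachment occur together,
    so ordinary mail that merely carries an executable is not flagged."""
    hits = bagle_b_indicators(raw_message)
    return "exe_attachment" in hits and ("subject" in hits or "body" in hits)

def build_sample(subject: str, text: str, attachment_name: str = "") -> bytes:
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content(text)
    if attachment_name:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```

Because the From address is spoofed, the sender is deliberately left out of the match.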
     