WORM_BAGLE.B is a memory-resident, mass-mailing worm that propagates by sending copies of itself using SMTP. It sends email with the following: From: <a spoofed address> Subject: ID btm... thanks Message Body: Yours ID smcyfjkfer -- Thank Attachment: <a randomly named .EXE file> It drops a copy of itself in the Windows System folder as AU.EXE, using the icon for files associated with Microsoft Sound Recorder. It runs on Windows 95, 98, ME, NT, 2000, and XP. Upon execution, this worm checks the system date. If the date is later than February 25, 2004, it immediately terminates. It also creates a registry entry that allows it to automatically execute at every Windows startup. In addition, it launches SNDREC32.EXE or Microsoft Sound Recorder upon execution. This worm propagates by mass-mailing copies of itself using SMTP. It obtains email addresses from .HTM, .HTML, .TXT and .WAB files, and skips addresses that contain .r1u, @hotmail.com, @msn.com, @microsoft, and @avp. WORM_BAGLE.B also has backdoor capabilities. It opens a port and listens for remote connections, and may also download and execute an updated copy of itself. If you would like to scan your computer for WORM_BAGLE.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com WORM_BAGLE.B is detected and cleaned by Trend Micro pattern file #767 and above.