Discussion in 'malware problems & news' started by Randy_Bell, Oct 8, 2004.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    WORM_BAGZ.A is a memory-resident, mass-mailing worm which uses SMTP (Simple Mail Transfer Protocol) to propagate. It arrives as an attachment to an email with a spoofed From field and varying subjects, message bodies, and attachment file names. This non-destructive worm also drops multiple components in the Windows system folder upon execution. It runs on Windows 95, 98, ME, NT, 2000 and XP, and is currently spreading in-the-wild.

    Upon execution, this worm drops the following files in the Windows system folder: DRIVERS\NDISRD.SYS DL.EXE – downloads and executes a file from a remote site; IPDB.DLL; JOBDB.DLL; NDISAPI.DLL; NDISRD.SYS; SYSLOGIN.EXE – a mass-mailing component of this worm; TUTORIAL.DOC<numerous space characters>.EXE – a copy of this worm; TUTORIAL.ZIP - a .ZIP archive that contains the file; TUTORIAL.DOC<numerous space characters>.EXE

    It also adds a registry entry that allows it to automatically execute at every system startup, and uses Simple Mail Transfer Protocol (SMTP) to send multiple copies of itself. It arrives on a system as an attachment to an email with following details: {See the site tech-details for details of message body, subject, attachment}.

    If you would like to scan your computer for WORM_BAGZ.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

    WORM_BAGZ.A is detected and cleaned by Trend Micro pattern file 2.189.04 and above.
    Last edited: Oct 9, 2004
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.