
W32.Bagle

Posted: April 25, 2006

W32.Bagle is an email worm that sends itself to addresses harvested from files on the hard disk. The worm spoofs the "From" field of the emails it sends, so a message may appear to have come from someone you know. The worm also installs a backdoor on infected machines.

It usually arrives with the following subject:

Hi

The body of the infected mail will be:

Test =)
variable string
--
Test, yep.

The infected email carries an infected attachment with a random file name.

Upon execution of the infected attachment, W32.Bagle checks the system date; if the date is January 28th, 2004 or later, it terminates itself without further activity. If the system date is earlier than January 28th, 2004, W32.Bagle runs, launches Windows calc.exe, and at the same time copies itself as bbeagle.exe into the Windows\System folder.

Moreover, W32.Bagle may install a backdoor on your machine, which places any financial or banking information stored on the computer in severe jeopardy and represents a serious security risk.

File System Modifications

  • The following files were created in the system:
    acdsee9.exe
    adobe photoshop 9 fuââ.exe
    aheadnero7.exe
    matrix3revolutionenglishsubtitles.exe
    opera8new!.exe
    pornoscreensaver.scr
    serials.txt.exe
    winamp 5 pro keygen crack update.exe
    winamp6new!.exe
    windown longhorn beta leak.exe
    windowssourcecodeupdate.doc.exe
    xxx hardcore images.exe

Registry Modifications

  • The following Registry value is created:
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe
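The mail characteristics and the file and registry artifacts described above can be turned into a simple triage check. The following Python is an added example, not code from the original page; the sample Run values and file paths it scans are constructed, and the data stored in the Run value is an assumption, since the page does not give it.

```python
from typing import Iterable

# Indicators taken from the description above.
BAGLE_SUBJECT = "hi"
BAGLE_BODY_LINES = {"test =)", "test, yep."}   # fixed lines around the variable string
DROPPED_FILE = "bbeagle.exe"                    # copied into the Windows\System folder
RUN_VALUE = "d3dupdate.exe"                     # value under HKCU\...\CurrentVersion\Run
LURE_NAMES = {
    "acdsee9.exe", "aheadnero7.exe", "matrix3revolutionenglishsubtitles.exe",
    "opera8new!.exe", "pornoscreensaver.scr", "serials.txt.exe",
    "winamp 5 pro keygen crack update.exe", "winamp6new!.exe",
    "windown longhorn beta leak.exe", "windowssourcecodeupdate.doc.exe",
    "xxx hardcore images.exe",
}

def is_bagle_mail(subject: str, body: str, has_exe_attachment: bool) -> bool:
    """True when subject, body template and executable attachment all match."""
    if subject.strip().lower() != BAGLE_SUBJECT or not has_exe_attachment:
        return False
    lines = {ln.strip().lower() for ln in body.splitlines()}
    return BAGLE_BODY_LINES <= lines

def find_host_artifacts(run_values: dict, file_paths: Iterable[str]) -> list:
    """Return the indicators found among Run value names and file paths."""
    hits = []
    for name in run_values:
        if name.lower() == RUN_VALUE:
            hits.append(f"run value: {name}")
    for path in file_paths:
        norm = path.replace("\\", "/").lower()
        base = norm.rsplit("/", 1)[-1]
        if base == DROPPED_FILE and "/system/" in norm:
            hits.append(f"dropped file: {path}")
        elif base in LURE_NAMES:
            hits.append(f"lure file: {path}")
    return hits

# Constructed sample host data (the Run value data is an assumption).
SAMPLE_RUN = {"d3dupdate.exe": r"C:\WINDOWS\System\bbeagle.exe",
              "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"}
SAMPLE_FILES = [r"C:\WINDOWS\System\bbeagle.exe", r"C:\Share\serials.txt.exe",
                r"C:\WINDOWS\notepad.exe"]

if __name__ == "__main__":
    print(is_bagle_mail("Hi", "Test =)\nabc\n--\nTest, yep.", True))
    for hit in find_host_artifacts(SAMPLE_RUN, SAMPLE_FILES):
        print(hit)
```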
