Details
I-Worm.Bagle.j
This worm spreads via the Internet as an attachment to infected messages, and also via file sharing networks. It is packed using UPX; the size of the compressed file is 12843 bytes, and the size of the uncompressed file is 49707 bytes. The worm may append junk data to the end of the file, in which case the size of the file will differ from the size shown above.
This version is almost identical to I-Worm.Bagle.i, and differs only in the following insignificant ways:
The text of the message sent to the author of NetSky has been changed:
"Hey, NetSky, fuck off you bitch!"
The name of the file to which the worm writes itself has been changed, and correspondingly, so has the value of the system registry key:
File name:
winsys.exe
Registry key:
[HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run]
"ssate.exe" = "%system%winsys.exe"