|
|
I-Worm.Bagle.a Viruses Information
| Name: |
I-Worm.Bagle.a |
| Category: |
Viruses |
| Description:
|
Details
I-Worm.Bagle.ao
This worm spreads via the Internet as an attachment to infected emails, and also via file-sharing networks.
It is almost identical to I-Worm.Bagle.an
It is compressed using PEX; the compressed file is 174924 bytes in size, and the uncompressed file is 23556 bytes in size.
Propagation via email
Infected messages:
Message header:
photo
Message body:
photo
The message body appears as an HTML page.
Attachment name:
foto.zip
fotos.zip
The attached archive is 4558 bytes in size.
Attachment contents:
foto.html 1calc.exe
The first file contains Exploit.CodeBaseExec
The second file contains TrojanDropper.Win32.Small.kv, which installs TrojanDownloader.Win32.Agent.cj on the victim machine. This program then downloads the main module of the worm.
Other
File names, registry key values, remote administration functions and the routine for propagating via file-sharing networks are identical to those of I-Worm.Bagle.an
The worm is programmed to cease functioning and to delete itself after 2nd September 2004. |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Macro.Word.T
Animals.2400.
Macro.Word97.Clas
Shrapnel.606
All.181
Fm.76
Reset.35
Chcc.266
VC
Macro.Word.Concep
|
|
