Post a Reply
Back to the Forum
And yet another new virus :o(
Virus description:
Name: Win32.Bagle.B@mm Type: Executable Mass Mailer Size: 11,264 (packed)Discovered: 17.02.2004 Detected: 17.02.2004 Spreading: Medium Damage: Medium In The Wild: Yes
Description:
It arrives in an e-mail, formatted like this:
From: (spoofed address, could be anything)
Subject: ID %random_letters%... thanks
Body:Yours ID %random_letters% -- Thank
Attachment: %random_letters%.exe (11,264 bytes)
Example: Subject: ID ldksy... thanks
Body: Yours ID rnhyijwo -- Thank
Attachment: jeqcnfmbiv.exe (11,264 bytes)
When run, the virus launches sndrec32.exe (Sound Recorder from Windows) Then, it starts searching for e-mails in files with the following extensions: WAB, TXT, HTM & HTML then, it tries to send itself to all the e-mail addresses found, in the e-mail format described above. It sends a notification message to a list of web sites; the message contains information about the infected computer.This information could be used for uploading other executable files to the infected computers. The worm starts a thread that listens for connections from a remote machine. This connection it is used for downloading a file and executing it, andit may be used as an auto update mechanism.
Be careful with e-mail attachments folks!
Name: Win32.Bagle.B@mm Type: Executable Mass Mailer Size: 11,264 (packed)Discovered: 17.02.2004 Detected: 17.02.2004 Spreading: Medium Damage: Medium In The Wild: Yes
Description:
It arrives in an e-mail, formatted like this:
From: (spoofed address, could be anything)
Subject: ID %random_letters%... thanks
Body:Yours ID %random_letters% -- Thank
Attachment: %random_letters%.exe (11,264 bytes)
Example: Subject: ID ldksy... thanks
Body: Yours ID rnhyijwo -- Thank
Attachment: jeqcnfmbiv.exe (11,264 bytes)
When run, the virus launches sndrec32.exe (Sound Recorder from Windows) Then, it starts searching for e-mails in files with the following extensions: WAB, TXT, HTM & HTML then, it tries to send itself to all the e-mail addresses found, in the e-mail format described above. It sends a notification message to a list of web sites; the message contains information about the infected computer.This information could be used for uploading other executable files to the infected computers. The worm starts a thread that listens for connections from a remote machine. This connection it is used for downloading a file and executing it, andit may be used as an auto update mechanism.
Be careful with e-mail attachments folks!
0 Replies and 632 Views in Total.