Virus Profile
Virus Information
Name: W32/Bagle.af@MM
Risk Assessment
- Home Users: Medium
- Corporate Users: Medium
Date Discovered: 7/15/2004
Date Added: 7/15/2004
Origin: Unknown
Length: Varies
Type: Virus
SubType: E-mail
DAT Required: 4377
Virus Characteristics
This is a mass-mailing worm with the following characteristics:
- contains its own SMTP engine to construct outgoing messages
- harvests email addresses from the victim machine
- the From: address of messages is spoofed
- attachment can be a password-protected zip file, with the password included in the message body.
- contains a remote access component (notification is sent to hacker)
- copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)
- uses various mutex names selected from those W32/Netsky variants have used, in order to prevent those W32/Netsky variants running on infected machines
- terminates processes of security programs and other worms
- deletes registry entries of security programs and other worms
The details for non-ZIP files (.EXE, .SCR, .COM, .ZIP, .CPL) are as follows:
Subject:
Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks
RE: Text message
Re: Document
Incoming message
Re: Incoming Message
RE: Incoming Msg
RE: Message Notify
Notification
Changes..
Update
Fax Message
Protected message
RE: Protected message
Forum notify
Site changes
Re: Hi
Encrypted document
Also:
MAKE SURE YOU ARE SENDING E-MAILS CAREFULLY. YOU MAY UNWILLINGLY TRANSFER FRIENDS OR FAMILY A VIRUS.
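A mail-gateway style check for two traits the profile lists, executable attachment types and password-protected zip attachments, added here as an example and not part of the original post or the vendor profile. The function names, the sample message and its addresses are constructed for illustration; the "encrypted" sample is a harmless zip with only the encryption flag bit set.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Non-zip attachment extensions named in the profile.
RISKY_EXT = (".exe", ".scr", ".com", ".cpl")

def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has the 'encrypted' flag bit (0x1) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a parseable zip; other controls must handle it

def inspect_message(raw: bytes) -> list[str]:
    """Return one finding per attachment that matches the profile's traits."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(RISKY_EXT):
            findings.append(f"executable attachment: {name}")
        elif name.endswith(".zip") and zip_is_encrypted(data):
            findings.append(f"password-protected zip: {name}")
    return findings

def build_sample(encrypted: bool) -> bytes:
    """Constructed test message carrying a harmless zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the general-purpose flags in the central directory
        # entry (offset 8 from its PK\x01\x02 signature) to mimic encryption.
        data[data.index(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"] = "Re: Document"  # one of the subjects listed above
    msg.set_content("constructed sample body")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="Doc.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample(encrypted=True)))
```

An encrypted zip cannot be scanned by content, so a gateway typically quarantines or holds it rather than relying on the subject line, which the worm varies.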
Bagle Virus
Thanks for the heads up, Joshua.