Email-Worm.Win32.Bagle.ai

tag:E-mail Worms

0 0

This worm spreads via the Internet as an attachment to infected messages and also via P2P networks.

It is approximately 20 KB in size and packed using PEX.

Installation

Once launched, the worm copies itself to the Windows system directory as winxp.exe. It then registers this file in the system registry to ensure that this file is launched each time the system is started.

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "key"="%system%\winxp.exe"

The worm also creates the following files in the Windows system directory:

winxp.exeopen
winxp.exeopenopen
winxp.exeopenopenopen
winxp.exeopenopenopenopen

Propagation

The worm searches disks for files with extensions from the following lists. It sends itself to all addresses harvested from these files.

adb
asp
cfg
cgi
dbx
dhtm
eml
htm
jsp
mbx

mdx
mht
mmf
msg
nch
ods
oft
php
pl
sht

shtm
stm
tbb
txt
uin
wab
wsh
xls
xml

previous:Email-Worm.Win32.Bagle.aa
previous:Email-Worm.Win32.Bagle.ah

Virus Source from:

New articles

WORM_KELIHOS.SMhis worm may be downloaded from the following remote sites: http://{BLOCKED}.240.36/flash2.exe It may be downloaded from remote site(s) by the follow...Email-Worm.Win32.3DStars This is an Internet worm that spreads via e-mail as an attached EXE file. The worm itself is a Win32 executable file about 70Kb in length, and written in Visua...Email-Worm.Win32.Abotus This is the worm virus spreading via the Internet being attached to infected emails. The worm itself is Windows PE EXE file about 18Kb of length, written in De...Email-Worm.Win32.Aliz This is a virus-worm that spreads via the Internet, attached to infected e-mails. The worm itself is a Windows PE EXE file about 4Kb in length and written in A...Email-Worm.Win32.Bagle.ef This Bagle variant is unable to replicate independently. However, all other functionality indicated that this worm is a member of the Bagle family. It was mass...

Hot Articles

Email-Worm.Win32.Bagle.ai

Installation

Propagation

Computer Virus Clounds