W32/Bagle.B@mm
Destructivity:
• Detected by virus detection files published: 2/17/2004
• Virus characteristics first published: 2/17/2004
• Virus characteristics latest update: 2/22/2007
• Alias: W32/Tanx.A
• Type: Backdoor, Worm
• Spreading mechanism: Email
• Overall risk: High
• Payload: Backdoor functionality
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista
Email characteristics:
When executed, this worm first checks whether the current date is later than Feb. 25th 2004. If it is, the worm quits and does nothing. If the date is earlier or equal, it copies itself to the Windows system directory under the name AU.EXE and installs itself in the registry so that it runs at startup.

After this it normally invokes the sound recorder application SNDREC32.EXE. This does not happen if the worm starts as the result of an update process or if it is started from the System directory.

It harvests email addresses from *.wab, *.htm, *.html and *.txt files found on the local hard drives and uses these when composing emails.

The worm creates the following registry entries:

Every 10000 seconds (every 2.7 hr) it attempts to contact the web sites below, passing the port number it is listening on and the infected user's ID number as parameters.

http://www.47df.de/wbboard/1.php
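
The periodic check-in described above can be looked for in web proxy logs. The following is an added example, not part of the original description: the log format, the client addresses, the query-string placeholders and the 120-second tolerance are assumptions, while the host, path and 10000-second interval come from the text above.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

BEACON_HOST = "www.47df.de"      # from the description above
BEACON_PATH = "/wbboard/1.php"   # from the description above
INTERVAL_S = 10000               # check-in period stated above
TOLERANCE_S = 120                # assumed allowance for clock and proxy jitter

# Constructed proxy log lines: "<ISO timestamp> <client IP> <URL>".
# Query parameter names are placeholders; the description does not give them.
SAMPLE_LOG = """\
2004-02-18T08:00:00 10.0.0.5 http://www.47df.de/wbboard/1.php?a=PORT&b=ID
2004-02-18T08:03:10 10.0.0.9 http://www.example.com/index.html
2004-02-18T10:46:40 10.0.0.5 http://www.47df.de/wbboard/1.php?a=PORT&b=ID
2004-02-18T11:15:00 10.0.0.7 http://www.47df.de/wbboard/1.php
2004-02-18T13:33:25 10.0.0.5 http://www.47df.de/wbboard/1.php?a=PORT&b=ID
"""

def find_beaconing_hosts(log_text):
    """Return {client_ip: verdict} for clients that requested the check-in URL.

    'periodic'  = two or more hits, every gap within TOLERANCE_S of INTERVAL_S.
    'contacted' = requested the URL, but no periodic pattern in this log.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        stamp, client, url = parts
        target = urlsplit(url)
        # Match on host and path only; parameter names are unknown.
        if (target.hostname or "").lower() == BEACON_HOST and target.path == BEACON_PATH:
            hits[client].append(datetime.fromisoformat(stamp))
    verdicts = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = bool(gaps) and all(abs(g - INTERVAL_S) <= TOLERANCE_S for g in gaps)
        verdicts[client] = "periodic" if periodic else "contacted"
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(find_beaconing_hosts(SAMPLE_LOG).items()):
        print(client, verdict)
```

A client marked "contacted" still warrants a look, since a single request to this URL has no ordinary explanation on a clean machine.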