Description: (See also Overview Diagram)
This virus spreads via email by sending a message that exploits the Object Tag vulnerability in Popup Window (MS03-040). This vulnerability allows a malicious user to run arbitrary code on the user's system. The email message this BAGLE variant sends has no file attachment; instead, it contains a link to a virus copy. Once the virus email is viewed, the message body (containing the code) attempts to download PE_BAGLE.Q from a certain location.
More information about the vulnerability is available from the following Microsoft page:
According to the virus code, this file infector may also use another routine for spreading, but that technique failed to manifest during testing.
This virus also attempts to spread via peer-to-peer or file-sharing networks by dropping several copies of itself, under varying file names, in folders that have the text string "shar" in their names (e.g., C:\Program Files\Kazaa\My Shared Folder).
This virus also has backdoor capabilities. It opens port 2556 and other randomly-generated ports, where it waits for commands from a malicious user.
It terminates certain processes, most of which are related to antivirus and firewall applications.
It runs on Windows 98, ME, NT, 2000 and XP.
For more information, consult the technical details section.
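The two host-side traits described above (a listener on port 2556 and copies dropped into folders with "shar" in their names) can be checked with a short triage script. This is an added example, not part of the original description or any vendor tool; the netstat sample is constructed, and the extension list and case-insensitive folder match are assumptions.

```python
import os

BACKDOOR_PORT = 2556   # fixed backdoor port named in the description
SHARE_MARKER = "shar"  # text string the virus looks for in folder names
# Assumption: extensions worth reviewing; the description lists no file names.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}

# Constructed sample of `netstat -ano` output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2556           0.0.0.0:0              LISTENING       1432
  TCP    10.0.0.5:1046          10.0.0.9:2556          ESTABLISHED     600
  TCP    0.0.0.0:25560          0.0.0.0:0              LISTENING       700
"""


def listeners_on_port(netstat_text, port=BACKDOOR_PORT):
    """Return (local_address, pid) for TCP sockets LISTENING on exactly `port`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue  # outbound or established sessions are not the listener
        local_port = fields[1].rpartition(":")[2]
        if local_port == str(port):
            # Older netstat builds print no PID column.
            pid = int(fields[4]) if len(fields) > 4 and fields[4].isdigit() else None
            hits.append((fields[1], pid))
    return hits


def executables_in_share_folders(root):
    """Return executables in folders whose own name contains 'shar'."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        # Assumption: match is case-insensitive ("My Shared Folder").
        if SHARE_MARKER not in os.path.basename(dirpath).lower():
            continue
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                found.append(os.path.join(dirpath, name))
    return sorted(found)
```

A clean result for port 2556 does not rule out infection, since the description says the backdoor also opens randomly generated ports; any hit from either function is a lead for a full antivirus scan, not a verdict.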
Overview Diagram: [diagram not reproduced; panels: Spread Mechanism, Affected Software]
For additional information about this threat, see: Solution Technical Details
Description created: Mar. 17, 2004 9:56:33 PM GMT -0800
Description updated: Mar. 19, 2004 8:18:41 AM GMT -0800