TROJ_BAGLE.AB
Overview

Malware type: Trojan

Aliases: Email-Worm.Win32.Bagle.ee (Kaspersky), W32/Bagle.dk (McAfee), Trojan.Lodear (Symantec), TR/Bagle.DO (Avira), Troj/BagleDl-W (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Medium

Distribution potential: Low

Description: 

For a one-glance view of this Trojan's behavior, refer to the Behavior Diagram below.

TROJ_BAGLE.AB Behavior Diagram

Malware Overview

This Trojan arrives on a system as an attachment to mass-mailed email messages. It is usually dropped by TROJ_MDROPPER.I. When executed, it drops certain files in the Windows system folder.

It also creates a folder named exefld in the Windows folder and saves the files it downloads there. One of the downloaded files is detected by Trend Micro as WORM_BAGLE.BQ.

It waits for an active Internet connection and then accesses several Web sites to download and execute files on the affected system. However, these Web sites are unavailable as of this writing.

For additional information about this threat, see:
Solution
Technical Details

Description created: Nov. 1, 2005 8:19:27 AM GMT -0800
