TROJ_BAGLE.EY
Overview

Malware type: Trojan

Aliases: Email-Worm.Win32.Bagle.gh (Kaspersky), W32/Bagle.gen@MM (McAfee), Trojan.Tooso.R (Symantec), TR/Bagle.Gen.B (Avira), W32/Bagle-KH (Sophos), TrojanDownloader:Win32/Bagle.EF (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential: Medium

Distribution potential: Low

Description: 

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Behavior Diagram shown below.

TROJ_BAGLE.EY Behavior Diagram

Malware Overview

This Trojan arrives as an attachment to an email message spammed by a certain WORM_BAGLE variant.

Upon execution, this Trojan drops a copy of itself as HLDRRR.EXE in the Windows system folder.

It also creates the subfolder %System%\EXEFLD, where it saves the files it downloads from several Web sites. The downloaded files contain lists of further Web sites from which this Trojan can download other, possibly malicious, files. This routine leaves the affected machine open to further malware attacks.

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
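A triage check for the two file-system artifacts this entry describes (the dropped HLDRRR.EXE in %System% and the %System%\EXEFLD download folder), written for this page as an added example rather than a Trend Micro tool. It takes a host file listing as input and resolves %System% from the platform table in the note above; the listing below is constructed.

```python
import ntpath

# Indicators taken from this entry.
DROPPED_FILE = "HLDRRR.EXE"
DOWNLOAD_SUBFOLDER = "EXEFLD"

# %System% per platform, as given in the note above.
SYSTEM_FOLDER = {
    "98": r"C:\Windows\System",
    "ME": r"C:\Windows\System",
    "NT": r"C:\WINNT\System32",
    "2000": r"C:\WINNT\System32",
    "XP": r"C:\Windows\System32",
    "2003": r"C:\Windows\System32",
}


def find_bagle_ey_artifacts(platform, paths):
    """Return (label, path) pairs for entries in `paths` that match this
    Trojan's dropped-file or download-folder locations on `platform`.
    Matching is case-insensitive, as Windows paths are, and is scoped
    strictly to the locations this entry describes."""
    system = SYSTEM_FOLDER[platform].lower()
    download_dir = ntpath.join(system, DOWNLOAD_SUBFOLDER.lower())
    hits = []
    for p in paths:
        head, tail = ntpath.split(p.lower())
        if head == system and tail == DROPPED_FILE.lower():
            hits.append(("dropped copy", p))
        elif head == download_dir or head.startswith(download_dir + "\\"):
            hits.append(("downloaded file", p))
    return hits


# Constructed file listing, not taken from a real host.
SAMPLE_LISTING = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\HLDRRR.EXE",
    r"C:\Windows\System32\EXEFLD\update1.exe",
    r"C:\Documents and Settings\user\hldrrr.exe",  # outside %System%: not this indicator
]

if __name__ == "__main__":
    for label, path in find_bagle_ey_artifacts("XP", SAMPLE_LISTING):
        print(f"{label}: {path}")
```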

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 15, 2006 11:04:13 AM GMT -0800
