Malware type: Trojan

Aliases: W32/Bagle.gen (McAfee), Trojan.Lodear (Symantec), TR/Bagle.FL (Avira), Troj/BagleDl-AW (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This memory-resident Trojan arrives on a system as an attachment to mass-mailed email messages.

Once a user executes the said attachment, it drops its copy on the affected machine. Presence of the file ANTI_TROJ.EXE indicates infection.

It looks for the legitimate Windows file NTIMAGE.GIF, which it displays using the default image viewer, in the Windows system folder of affected machines. It does the said routine to make it appear that the execution of this Trojan's dropped file only opens the said .GIF file.

This Trojan creates a registry entry as part of its installation routine, as well as two other registry entries to ensure that it executes every system startup.

Moreover, it downloads and executes a file from a list of URLs. The said file is detected by Trend Micro as TROJ_BAGLE.GS.

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 22, 2005 2:07:47 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.