WORM_BAGLE.B
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Bagle.hd, W32/Bagle.gen, Trojan.Tooso.R, TR/Bagle.Gen.B, W32/Mitglieder.VO, Worm:Win32/Bagle.ZP

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This memory-resident worm propagates by mass-mailing copies of itself using SMTP (Simple Mail Transfer Protocol).

[Image: sample email message sent out by this worm]

(NOTE: The FROM field is a spoofed address.)

The attachment is a randomly named .EXE file (<random>.exe).

It drops a copy of itself that uses the icon for files associated with Microsoft Sound Recorder to fool unsuspecting users. When run, it also launches Microsoft Sound Recorder.

This worm has backdoor capabilities. It opens TCP port 8866 and attempts to connect to certain Web sites. It may update or remove itself from infected machines.

This worm does not execute if the system date is later than February 25, 2004.

It runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 17, 2004 6:11:29 AM GMT -0800
Description updated: Feb. 17, 2004 9:32:37 AM GMT -0800
