I-Worm.Bagle.a
Description I-Worm.Bagle.a
This worm spreads via the Internet in an attachment to infected emails.
The worm itself is a Window PE EXE file of approximately 15KB.
Messages sent by the worm have the following characteristics:
From:
random sender
Subject:
Hi
Body:
Test =)
Signature:
Test, yep
Attach:
random name
Installation
The worm is activated only if a user clicks on the attached file. When installing, the worm copies itself to the system directory under the name 'bbeagle.exe' and registers this file in the system registry auto-run key:
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]
"d3dupdate.exe" = "%system%�beagle.exe"
The worm will also run the Windows application calc.exe.
The worm attempts to connect to several remote sites relating to TrojanProxy.Win32.Mitglieder.
Replication
The worm looks for files with the extensions wab, txt, htm, html, r1 and scans them for email-like text strings, then sends infected messages to the email addresses found.
The worm uses an SMTP engine to send infected messages.
Backdoor function
The worm opens port 6777 to listen for commands. The backdoor function allows the attacker to download files and execute commands on the infected computer.
Other
If the system date is later than 28th January 2004, the worm will not have any effect.
Check other viruses! Be aware! Use Antiviral Software
Macro.Word.MSW
Description Macro.Word.MSW
This virus contains five macros: mswFS, FileClose, AutoOpen, AutoExec, ToolsMacro. It infects the system on AutoOpen and writes itself to files on FileClose.
The AutoExec virus macro contains nothing but remarked picture:
PAPER SHREDDER (c) Sirius (alpha CMa), Sirius B White Dwarf
999999
999999999
999999999999
99999999999999
999999 999999
999999999 99999999
@99999999999999 99999
999999999999999 99
99999 9999999999 9999 9
99999999 9999999 999
9999 999999 99999 999
9999 9999999 999999 99
999 9999999 999999 99
99 999 99999999999999999 99
99 99999999999999999999999999999999 99
999999999999999999999999999999999999999 9999
Macro.Word.MTF
Description Macro.Word.MTF
It is a harmless macro virus. It contains two macros that have different names in infected documents and NORMAL.DOT:
Documents NORMAL.DOT
FileSave FileSave
AutoOpen Mtf1
The virus infects the system on opening an infected document (AutoOpen) and writes itself to documents that are saved (FileSave). The virus does not manifest itself in any other way.
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Resource Of Information
Forensic Duplicator
Sprachdidaktik.de
Bioladen
Km Optoteknik Ab
|