W32/Bagle-AB Mass eMailing Worm on the loose
Internet security firm Sophos warned Internet users of W32/Bagle-AB, a mass emailing worm for the Windows operating system. Sophos received several reports of this worm spreading on the Internet.
W32/Bagle-AB is also known as Email-Worm.Win32.Bagle.dw or W32.Beagle.CG@mm.
When first run, this Win32 worm tries to copy itself to the Windows system folder as windll2.exe and creates the following registry entry so that it starts automatically:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru1n
erthegdr\windll2.exe
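The check below is an added example, not Sophos's code or part of the original article: it scans the text output of `reg query <key> /s` for the autostart key and the windll2.exe file name given above. The sample output, including how the value name and data pair up under the key, is constructed for illustration.

```python
import re

# Indicators exactly as printed in the article.
IOC_FILE = "windll2.exe"
IOC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru1n"

# Constructed sample in `reg query <key> /s` layout, not captured from a host.
# Assumption: the value name and data pair up under the key as shown here.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru1n
    erthegdr    REG_SZ    C:\WINDOWS\system32\windll2.exe
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
VALUE_RE = re.compile(r"^\s+(\S.*?)\s{2,}(REG_\w+)\s{2,}(.*)$")


def normalize_key(key):
    """Map the long hive name to its abbreviation and lower-case the path."""
    hive, _, rest = key.partition("\\")
    return (HIVES.get(hive.upper(), hive) + "\\" + rest).lower()


def find_indicators(text):
    """Return (kind, key, value_name) tuples for each indicator found."""
    findings, key = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new key
            key = line.strip()
            if normalize_key(key) == IOC_KEY.lower():
                findings.append(("key", key, ""))
            continue
        match = VALUE_RE.match(line)
        if match and key:
            name, _type, data = match.groups()
            # Split the command line into path components and arguments.
            if IOC_FILE in re.split(r'[\\/"\s]+', data.lower()):
                findings.append(("value", key, name))
    return findings


if __name__ == "__main__":
    for finding in find_indicators(SAMPLE):
        print(finding)
```

Matching on the file name as a whole path component catches the executable under any autostart key, not only the one listed in the article.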
W32/Bagle-AB also attempts to download and execute components from the Web. The worm turns off anti-virus applications and allows others to access the computer.
The W32/Bagle-AB worm forges the sender’s email address and uses its own emailing engine to send emails to addresses found on the infected computer.
The W32/Bagle-AB virus identity file (IDE) includes detection for Troj/GWGhost-R, Troj/Zlob-N, Troj/KillAv-AO, Troj/Bancban-FJ, Troj/Hanlo-A, VBS/StarDrop-A and Troj/Istbar-BR.