Sophos Warns Internet users of W32/Bagle-KH Worm Targeting Windows
Security giant Sophos has issued a warning to all internet users about the W32/Bagle-KH worm, which targets Windows users. The worm, also known as W32/Bagle.gen@MM, is spreading through email attachments. Sophos said it has received several reports of this Win32 worm from the wild.
W32/Bagle-KH includes functionality to access the Internet and communicate with a remote server via HTTP. When first run, W32/Bagle-KH copies itself to [Windows system folder]\hldrrr.exe.
The following registry entries are created to run hldrrr.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
hldrrr [Windows system folder]\hldrrr.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hldrrr [Windows system folder]\hldrrr.exe
Registry entries are created under:
HKCU\Software\FirstRRRun\
For more information and to download the virus identity (IDE) file for W32/Bagle-KH, click here.
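The file and registry indicators listed above can be checked on a host with a short PowerShell script. This is an added example, not Sophos's own tooling; the WOW6432Node and SysWOW64 locations and the scan of every loaded user hive under HKEY_USERS are assumptions added here to cover 64-bit and multi-user systems.

```powershell
# Indicators from the advisory text: value name, file name, Run keys, marker key.
$valueName = 'hldrrr'
$fileName  = 'hldrrr.exe'
$runSub    = 'Software\Microsoft\Windows\CurrentVersion\Run'
$markerSub = 'Software\FirstRRRun'

# Assumption (not in the advisory): on 64-bit Windows a 32-bit process is
# redirected to WOW6432Node and SysWOW64, so those locations are checked too.
$machineRun = "Registry::HKEY_LOCAL_MACHINE\$runSub",
              'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$sysDirs    = [Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')

# Assumption: scan every loaded user hive so the HKCU entries are found
# for all logged-on users, not only the account running the script.
$userRoots = Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" }

$findings = @()

# 1. Run-key persistence: a value named "hldrrr" in a machine or user Run key.
foreach ($key in @($machineRun) + @($userRoots | ForEach-Object { "$_\$runSub" })) {
    $p = Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction SilentlyContinue
    if ($p) {
        $findings += [pscustomobject]@{ Indicator = 'Run value'; Location = $key; Detail = $p.$valueName }
    }
}

# 2. The FirstRRRun key the advisory says is created under HKCU\Software.
foreach ($root in $userRoots) {
    $marker = "$root\$markerSub"
    if (Test-Path -LiteralPath $marker) {
        $findings += [pscustomobject]@{ Indicator = 'Marker key'; Location = $marker; Detail = '' }
    }
}

# 3. The copy dropped into the Windows system folder.
foreach ($dir in $sysDirs) {
    $path = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $f = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{ Indicator = 'Dropped file'; Location = $path; Detail = "$($f.Length) bytes, written $($f.LastWriteTime)" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No W32/Bagle-KH indicators from the advisory found.' }
```

Run it from an elevated prompt so that other users' loaded hives are readable; hives of users who are not logged on are not loaded and are not covered.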