Bagle.Z - MEDIUM RISK
Virus Characteristics:
Update 26th April 09:37 PST: Due to increased prevalence, this threat has had its risk assessment raised to medium.
This is a new variant of W32/Bagle@MM. It is packed using UPX. It is not polymorphic, but a static MD5 is not suitable for identifying it because garbage is always appended to the file. This is a mass-mailing worm with the following characteristics:
- contains its own SMTP engine to construct outgoing messages
- harvests email addresses from the victim machine
- the From: address of messages is spoofed
- attachment can be a password-protected zip file, with the password included in the message body
- contains a remote access component (notification is sent to hacker)
- copies itself to folders that have the phrase "shar" in the name (such as those of common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)
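
The note above that a static MD5 is unsuitable can be shown on constructed data. This is an added example, not code from the original advisory: it compares a whole-file MD5 with an MD5 taken only over the PE image, assuming the appended garbage sits after the last section's raw data. The helper names and sample bytes are hypothetical and inert.

```python
import hashlib
import struct

def pe_image_end(data: bytes) -> int:
    """File offset where the last section's raw data ends (start of any overlay)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                            # first section header
    end = table + 40 * num_sections                           # at least the headers
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))                                # tolerate truncated files

def whole_file_md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def image_md5(data: bytes) -> str:
    """MD5 of the PE image only, ignoring bytes appended after the last section."""
    return hashlib.md5(data[:pe_image_end(data)]).hexdigest()

def build_sample(body: bytes) -> bytes:
    """Constructed, inert PE-shaped bytes: DOS header, COFF header, one section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000,
                       len(body), 0x80, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + body

# Constructed sample data: one fixed body, two copies with different trailing garbage.
BASE = build_sample(b"constructed-sample-body " * 4)
COPY_A = BASE + b"\xAA" * 37
COPY_B = BASE + b"\x55" * 512

if __name__ == "__main__":
    for name, blob in (("A", COPY_A), ("B", COPY_B)):
        print(name, "whole:", whole_file_md5(blob), "image:", image_md5(blob))
```

The image-only hash matches across copies only because the body is byte-identical, which is consistent with the advisory's statement that the worm is not polymorphic.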