Bagle.AI - Medium Risk
Bagle.AI - Medium Risk (McAfee)
http://vil.nai.com/vil/content/v_126798.htm
http://www.f-secure.com/v-descs/bagle_ai.shtml
http://secunia.com/virus_information/10740/bagle.ai/
Beagle.AG - Medium Risk (Symantec)
http://www.symantec.com/avcenter/venc/data/w32.beagle.ag@mm.html
VirusTotal reports significant infections
http://www.virustotal.com/flash/index_en.html
This is a mass-mailing worm with the following characteristics:
- contains its own SMTP engine to construct outgoing messages
- harvests email addresses from the victim machine
- the From: address of messages is spoofed
- attachment can be a password-protected zip file, with the password included in the message body.
- contains a remote access component (a notification is sent to the hacker)
- copies itself to folders that have the phrase "shar" in the name (such as the shared folders of common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)
- creates mutexes using names taken from those that W32/Netsky variants have used, in order to prevent those W32/Netsky variants from running on infected machines
- terminates processes of security programs and other worms
- deletes registry entries of security programs and other worms
From : (address is spoofed)
Subject : Re:
Body Text:
- >foto3 and MP3
- >fotogalary and Music
- >fotoinfo
- >Lovely animals
- >Animals
- >Predators
- >The snake
- >Screen and Music
The worm will add the following body text if the attachment is sent as a password-protected ZIP file.
- Password: (random number)
- Pass - (random number)
- Key - (random number)
Attachment: (with extension .EXE, .SCR, .COM, .CPL or .ZIP)
- MP3
- Music_MP3
- New_MP3_Player
- Cool_MP3
- Doll
- Garry
- Cat
- Dog
- Fish
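
The message traits listed above can be combined into a simple mail-filter check. The following Python sketch is an added example, not code from any of the vendors cited; the function names, the indicator labels and the rule of requiring a listed attachment name plus one other trait are assumptions, and the test messages are constructed.

```python
import os
import re
from email import message_from_string
from email.message import EmailMessage

# Indicators copied from the advisory above; matching is case-insensitive.
BODY_LINES = {"foto3 and mp3", "fotogalary and music", "fotoinfo", "lovely animals",
              "animals", "predators", "the snake", "screen and music"}
ATTACH_NAMES = {"mp3", "music_mp3", "new_mp3_player", "cool_mp3", "doll",
                "garry", "cat", "dog", "fish"}
ATTACH_EXTS = {".exe", ".scr", ".com", ".cpl", ".zip"}
# Matches "Password: 12345", "Pass - 12345" and "Key - 12345" on a line of their own.
PASSWORD_RE = re.compile(r"^[ \t]*(?:Password:|Pass -|Key -)[ \t]*\d+[ \t\r]*$", re.M)

def indicators(raw):
    """Return the set of advisory indicators present in one raw message."""
    msg = message_from_string(raw)
    found, body, has_zip = set(), "", False
    if (msg.get("Subject") or "").strip().lower() == "re:":
        found.add("subject")  # weak on its own: many real replies look like this
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            stem, ext = os.path.splitext(name.lower())
            if stem in ATTACH_NAMES and ext in ATTACH_EXTS:
                found.add("attachment")
                has_zip = has_zip or ext == ".zip"
        elif part.get_content_type() == "text/plain":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    if any(ln.lstrip("> \t").strip().lower() in BODY_LINES for ln in body.splitlines()):
        found.add("body")
    if has_zip and PASSWORD_RE.search(body):
        found.add("zip-password")
    return found

def is_suspect(raw):
    """Flag only when a listed attachment name coincides with another indicator."""
    hits = indicators(raw)
    return "attachment" in hits and len(hits) >= 2

def sample(subject, text, filename):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(text)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()
```

Because the From: address is spoofed, the sender is deliberately not used as an indicator.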