Tuesday, February 1, 2005
As of January 27, 2005 1:42 AM PST (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AZ. TrendLabs has received several infection reports indicating that this malware is spreading in the US, China, and Japan. This WORM_BAGLE variant arrives on a system as an email attachment. It sends copies of itself to all email addresses it gathers from files with certain extensions, but skips addresses that contain particular strings.
Users must be wary of the emails it sends, which have the following details:
Subject: (any of the following)
- Delivery service mail
- Delivery by mail
- Registration is accepted
- Is delivered mail
- You are made active
- Thanks for use of our software.
- Before use read the help

Message body: (any of the following)
- Delivery service mail
- Delivery by mail
- Registration is accepted
- Is delivered mail
- You are made active
- Thanks for use of our software.
- Before use read the help

Attachments: (any of the following file names)
- guupd02.exe
- Jol03.exe
- siupd02.exe
- upd02.exe
- viupd02.exe
- wsd01.exe
- zupd02.exe

(with any of the following extensions)
- COM
- CPL
- EXE
- SCR
The email is spoofed and may appear to have come from a familiar email address. As a general rule, users should avoid opening the attachments of unsolicited email.

This worm drops a copy of itself using the following file names into the Windows system folder:
- sysformat.exe
- sysformat.exeopen
- sysformat.exeopenopen
It also looks for folders whose names contain the string "shar" and drops copies of itself, using file names with EXE extensions, into those folders. In addition, this worm terminates several processes, most of which are related to antivirus and security programs.
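The email and file indicators listed above can be turned into a simple mail-gateway and host triage check. The following is an added example, not TrendLabs code; the function names, the exact-match comparison, and the constructed sample message are assumptions made for illustration.

```python
from email.message import EmailMessage, Message

# Indicator strings copied from the advisory above. It lists the same
# phrases for subject and message body, so one set serves both checks.
PHRASES = {
    "delivery service mail", "delivery by mail", "registration is accepted",
    "is delivered mail", "you are made active",
    "thanks for use of our software.", "before use read the help",
}
STEMS = {"guupd02", "jol03", "siupd02", "upd02", "viupd02", "wsd01", "zupd02"}
EXTS = {"com", "cpl", "exe", "scr"}
DROPPED = {"sysformat.exe", "sysformat.exeopen", "sysformat.exeopenopen"}


def suspicious_attachment(filename: str) -> bool:
    """True when the name pairs a listed stem with a listed extension."""
    stem, _, ext = filename.strip().lower().rpartition(".")
    return stem in STEMS and ext in EXTS


def triage(msg: Message) -> list:
    """Return the indicator categories a parsed message matches."""
    hits = []
    if (msg.get("Subject") or "").strip().lower() in PHRASES:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and suspicious_attachment(name):
            hits.append("attachment:" + name)
        elif not name and part.get_content_type() == "text/plain":
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
            if text.strip().lower() in PHRASES:
                hits.append("body")
    return hits


def dropped_copies(dir_listing) -> list:
    """Names in a system-folder listing that match the dropped file names."""
    return sorted(n for n in dir_listing if n.lower() in DROPPED)


def build_sample() -> EmailMessage:
    """Constructed sample message; the attachment holds placeholder bytes."""
    m = EmailMessage()
    m["From"], m["Subject"] = "someone@example.com", "Delivery by mail"
    m.set_content("Before use read the help")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="Jol03.scr")
    return m
```

Because the sender address is spoofed, the check deliberately ignores the From header and keys only on subject, body, and attachment name.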
By: DocMemory Copyright © 2023 CST, Inc. All Rights Reserved