Various sites are reporting on a new email-based worm called Bagle. Of course, it follows the list we already know; in other words, it only affects Windows users and you do have to open an attachment. It appears that the email comes with a subject of "Test" and in the body of the message are the words "Test, yep." However, this information could be variable.
It appears to add this key to the registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"d3update.exe"="%system%\bbeagle.exe"
And copies itself to the system directory under the filename "bbeagle.exe".
It also runs "calc.exe" and then attempts to download "TrojanProxy.Win32.Mitgleide" from a number of sites and then execute it. It tries to scan local disks for email addresses, which it will then send itself to by using a built-in SMTP service.
With an expiry date of 28th January, I doubt it will cause much of an issue. But even so, update your anti-virus patterns and don't open attachments from unknown senders or indeed any attachment that looks suspect.
For more information, visit one of your local antivirus suppliers.
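A check for the Run key value and file name given above, as an added example that is not part of the original post: it scans the text of a registry export for those two indicators, matching either the value name or the target file so a renamed entry is still caught. The sample export is constructed, and the `reg export` text format as input is an assumption.

```python
import re

# Indicators as given in the post; everything in SAMPLE_EXPORT is constructed.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
HIVES = ("hklm\\", "hkey_local_machine\\")
VALUE_NAME = "d3update.exe"
FILE_NAME = "bbeagle.exe"

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    # Exports write \\ and \" inside strings; a lone backslash is kept as-is.
    return re.sub(r'\\([\\"])', r"\1", text)

def find_bagle_run_entries(reg_text):
    """Return (value name, data, reasons) for HKLM Run entries matching the post."""
    hits, in_run_key = [], False
    for line in map(str.strip, reg_text.splitlines()):
        section = SECTION_RE.match(line)
        if section:
            # Track whether we are inside the machine-wide Run key (not RunOnce).
            key = section.group(1).lower()
            hive = next((h for h in HIVES if key.startswith(h)), "")
            in_run_key = bool(hive) and key[len(hive):] == RUN_KEY
            continue
        value = VALUE_RE.match(line)
        if not (in_run_key and value):
            continue
        name, data = unescape(value.group(1)), unescape(value.group(2))
        target = re.split(r"[\\/]", data)[-1].lower()  # file name part of the path
        reasons = []
        if name.lower() == VALUE_NAME:
            reasons.append("value name")
        if target == FILE_NAME:
            reasons.append("target file")
        if reasons:
            hits.append((name, data, reasons))
    return hits

SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"d3update.exe"="C:\\WINDOWS\\system32\\bbeagle.exe"
"renamed"="%system%\bbeagle.exe"
'''

if __name__ == "__main__":
    print(find_bagle_run_entries(SAMPLE_EXPORT))
```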
Post ID: 240, posted by jase at 05:55 PM