W32/Bagle-IV

Category: Viruses and Spyware
Protection available since: 04 May 2006 00:00:00 (GMT)
Type: Win32 worm
Last Updated: 04 May 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

W32/Bagle-IV is a mass-mailing worm and backdoor Trojan for the Windows platform.

W32/Bagle-IV includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, W32/Bagle-IV copies itself to <Windows>\csrss.exe and creates the file <Temp>\Message.zip.

The file Message.zip is detected as W32/Bagle-Zip.

The following registry entry is changed to run W32/Bagle-IV on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
Debugger
<Windows>\csrss.exe
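
The following check is an added example, not part of the original description: it parses a registry export in .reg format, lists every Image File Execution Options subkey that sets a Debugger value, and flags the combination described above. The sample export, the C:\WINDOWS and C:\Tools paths, app.exe and the function names are constructed for illustration; the System32 test relies on the genuine csrss.exe residing in the System32 folder.

```python
import re

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Constructed sample in .reg export format (not taken from a real host).
# Files saved by regedit are normally UTF-16; decode them before parsing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\csrss.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\app.exe]
"Debugger"="C:\\Tools\\windbg.exe"
'''


def ifeo_debuggers(reg_text):
    """Return [(image, debugger)] for each IFEO subkey that sets a Debugger value."""
    hits, image = [], None
    prefix = IFEO.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            # Track the current key; only IFEO subkeys are of interest.
            path = key.group(1)
            image = path[len(prefix):] if path.lower().startswith(prefix) else None
            continue
        val = re.fullmatch(r'"debugger"="(.*)"', line, re.IGNORECASE)
        if image and val:
            # .reg string values escape backslashes and quotes with a backslash.
            hits.append((image, re.sub(r"\\(.)", r"\1", val.group(1))))
    return hits


def matches_bagle_iv(image, debugger):
    """True when explorer.exe is redirected to a csrss.exe outside System32."""
    exe = debugger.strip('"').lower()
    return (image.lower() == "explorer.exe"
            and exe.endswith("\\csrss.exe")
            and "\\system32\\" not in exe)


if __name__ == "__main__":
    for image, debugger in ifeo_debuggers(SAMPLE_REG):
        tag = "MATCH" if matches_bagle_iv(image, debugger) else "review"
        print(f"{tag}: {image} -> {debugger}")
```

Any Debugger value reported as "review" is not this worm's entry but still deserves a look, since the value redirects every launch of the named image to another program.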

W32/Bagle-IV will attempt to email itself to addresses harvested from the infected computer as an attachment.
