W32/Bagle-A

Category: Viruses and Spyware
Type: Win32 worm
Protection available since: 23 Jan 2004 00:00:00 (GMT)
Last updated: 23 Jan 2004 00:00:00 (GMT)
Prevalence:


W32/Bagle-A is a worm that sends itself to addresses harvested from files on the hard disk. The worm spoofs the "From" field in emails it sends, which means that it may appear to have come from someone you know.

W32/Bagle-A arrives in an email with the following characteristics:

Subject line: Hi

Message text:
Test =)
[random characters]
--
Test, yep.

Attached file: <random name>.exe

The attached file may appear as a calculator icon. The worm deliberately launches the Calculator application as a disguise.

W32/Bagle-A copies itself to bbeagle.exe in the Windows system folder and sets the following registry entry to ensure the worm is run at logon:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe

The worm also sets the following registry entries:

HKCU\Software\Windows98\uid
HKCU\Software\Windows98\frun

W32/Bagle-A includes a backdoor component which listens on TCP port 6777. This allows an attacker to upload and execute arbitrary programs on infected computers.

Note that W32/Bagle-A will not activate if the system date is 28 January 2004 or later.
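
The file, registry and port indicators listed above can be checked on a host with a read-only script. This is an added example, not part of the original advisory; it assumes a Windows version that provides Get-NetTCPConnection, and it reads "Windows system folder" as System32 or SysWOW64.

```powershell
# Added example: read-only check for the W32/Bagle-A indicators in this advisory.
# Run in an elevated session so other users' loaded hives are readable.
$findings = @()

# 1. Dropped copy of the worm. Assumption: "Windows system folder" is System32,
#    or SysWOW64 where a 32-bit process is redirected on 64-bit Windows.
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:SystemRoot "$dir\bbeagle.exe"
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

# 2. Registry indicators. HKCU is per user, so walk every loaded user hive
#    under HKEY_USERS rather than only the account running the script.
$hives = Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' }
foreach ($hive in $hives) {
    $sid = $hive.PSChildName

    # Run value that starts the worm at logon
    $run = Get-Item -LiteralPath "$($hive.PSPath)\Software\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($run -and $null -ne $run.GetValue('d3dupdate.exe')) {
        $findings += "Run value d3dupdate.exe for $sid -> $($run.GetValue('d3dupdate.exe'))"
    }

    # Additional values the worm sets under Software\Windows98
    $w98 = Get-Item -LiteralPath "$($hive.PSPath)\Software\Windows98" -ErrorAction SilentlyContinue
    if ($w98) {
        foreach ($name in 'uid', 'frun') {
            if ($null -ne $w98.GetValue($name)) {
                $findings += "Registry value Software\Windows98\$name for $sid"
            }
        }
    }
}

# 3. Backdoor listener on TCP 6777. A listener alone is not conclusive,
#    so report the owning process for follow-up.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 6777 -ErrorAction SilentlyContinue
foreach ($conn in $listeners) {
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    $findings += "TCP 6777 listening on $($conn.LocalAddress), PID $($conn.OwningProcess) ($($proc.ProcessName))"
}

if ($findings.Count -eq 0) {
    Write-Output 'No W32/Bagle-A indicators found.'
} else {
    $findings | ForEach-Object { Write-Output "INDICATOR: $_" }
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so their NTUSER.DAT files need to be loaded or examined offline to cover them.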
