Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Protection available since | 30 November 2006 23:10:26 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Bagle-QS is a worm for the Windows platform.
W32/Bagle-QS emails itself in an encrypted zip file to addresses found on the user's computer.
Emails sent by the worm have the following characteristics:
Subject line chosen from:
new <date>
price<date>
price_ <date>
price_new <date>
Message text chosen from:
It Is Protected
Passwrd:
thank you !!!
Passwrd:
New year's discounts
Passwrd:
The attached file is named:
new_price<date>.zip
price_list<date>.zip
latest_price<date>.zip
<date> is the date the email was sent, in the format 30-Nov-2006.
The zip file is detected as W32/Bagle-Zip.
The zip file is password-protected with a 6-digit password, which is embedded in the email as an image.
When first run, W32/Bagle-QS copies itself to:
<User>\Application Data\hidn\hidn2.exe
<User>\Application Data\hidn\hldrrr.exe
W32/Bagle-QS attempts to disable anti-virus and security software and contains functionality to download and run further software.
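
An added example, not part of the original description: a Python mail-filter check that scores a raw message against the subject, message text, attachment name, encrypted-zip and password-image traits listed above. The DD-Mon-YYYY date pattern, the function names, the quarantine rule and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: <date> is always DD-Mon-YYYY with an English month, as in 30-Nov-2006.
DATE = r"\d{2}-[A-Z][a-z]{2}-\d{4}"
SUBJECT_RE = re.compile(rf"^(new|price|price_|price_new)\s*{DATE}$")
ATTACH_RE = re.compile(rf"^(new_price|price_list|latest_price){DATE}\.zip$")
BODY_TEXTS = ("It Is Protected", "thank you !!!", "New year's discounts")

def zip_is_encrypted(data: bytes) -> bool:
    """Bit 0 of the general-purpose flags in the first local file header."""
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    return bool(int.from_bytes(data[6:8], "little") & 0x1)

def score_message(raw: bytes) -> dict:
    """Return which of the described traits a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = dict.fromkeys(("subject", "body", "image", "attachment", "encrypted_zip"), False)
    hits["subject"] = bool(SUBJECT_RE.match(str(msg["Subject"] or "").strip()))
    for part in msg.walk():
        ctype, name = part.get_content_type(), part.get_filename() or ""
        if ATTACH_RE.match(name):
            hits["attachment"] = True
            hits["encrypted_zip"] |= zip_is_encrypted(part.get_payload(decode=True) or b"")
        elif ctype.startswith("image/"):
            hits["image"] = True  # the password is delivered as a picture
        elif ctype == "text/plain":
            text = part.get_content()
            hits["body"] |= "Passwrd:" in text and any(t in text for t in BODY_TEXTS)
    return hits

def is_suspect(hits: dict) -> bool:
    """Illustrative policy: act on name + encryption; other traits raise confidence."""
    return hits["attachment"] and hits["encrypted_zip"]

def build_sample(subject: str, filename: str, zip_flags: int) -> bytes:
    """Constructed test message; the 'zip' is an inert 30-byte header stub."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("It Is Protected\nPasswrd:\n")
    m.add_attachment(b"constructed-image-bytes", maintype="image", subtype="png", filename="pw.png")
    stub = b"PK\x03\x04\x14\x00" + zip_flags.to_bytes(2, "little") + b"\x00" * 22
    m.add_attachment(stub, maintype="application", subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(score_message(build_sample("price_new 30-Nov-2006", "price_list30-Nov-2006.zip", 1)))
```

Only the first local file header is inspected, so the check is a triage signal for a mail gateway rather than a replacement for scanning the attachment.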

