Bagle.Z - MEDIUM RISK (Bagle.W at some AV sites)
http://vil.nai.com/vil/content/v_122415.htm
http://www.symantec.com/avcenter/venc/data...
http://www.f-secure.com/v-descs/bagle_y.shtml

-- Update 26th April 09:37 PST --
Due to increased prevalence, this threat has had its risk assessment raised to medium.
This is a new variant of W32/Bagle@MM. It is packed using UPX. It is not polymorphic, but a static MD5 of the file is still not a suitable detection signature, because garbage is always appended to the end of the file and so the file hash differs from copy to copy.
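The point above (a whole-file MD5 breaks as soon as trailing garbage is appended) is worth seeing in code. The following is an added example, not code from the alert or from any AV vendor: it parses the PE section table to find where the mapped image ends, treats everything after that as overlay, and hashes only the image. Two constructed copies that differ only in appended bytes then get different file hashes but the same image hash. The minimal PE skeleton built by `build_sample_pe` is a constructed, non-executable stand-in; the function names are this example's own.

```python
import hashlib
import struct

PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_LEN = 20
SECTION_HEADER_LEN = 40


def pe_image_end(data: bytes) -> int:
    """Return the file offset just past the last section's raw data.

    Bytes beyond that offset are overlay (appended data the loader never
    maps), which is exactly where appended garbage lands.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect_table = coff + COFF_HEADER_LEN + opt_size
    end = sect_table + num_sections * SECTION_HEADER_LEN
    for i in range(num_sections):
        hdr = sect_table + i * SECTION_HEADER_LEN
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of the header
        size_raw, ptr_raw = struct.unpack_from("<II", data, hdr + 16)
        if size_raw:
            end = max(end, ptr_raw + size_raw)
    return min(end, len(data))


def overlay_size(data: bytes) -> int:
    """Number of trailing bytes not covered by any section."""
    return len(data) - pe_image_end(data)


def file_md5(data: bytes) -> str:
    """Naive whole-file hash: changes whenever garbage is appended."""
    return hashlib.md5(data).hexdigest()


def image_md5(data: bytes) -> str:
    """Hash of the mapped image only: unaffected by appended overlay."""
    return hashlib.md5(data[:pe_image_end(data)]).hexdigest()


def build_sample_pe(overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 skeleton with one section plus optional overlay.

    This is not a real executable; it only exercises the header parsing.
    """
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_header = struct.pack("<H", 0x10B) + b"\0" * 222  # PE32 magic, rest zeroed
    coff_header = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt_header), 0x102)
    sect_table = e_lfanew + 4 + COFF_HEADER_LEN + len(opt_header)
    raw_ptr = sect_table + SECTION_HEADER_LEN
    body = b"\xcc" * 64  # stand-in for the packed code section
    section_header = (
        b".text\0\0\0"
        + struct.pack("<IIII", len(body), 0x1000, len(body), raw_ptr)
        + struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020)
    )
    return dos_header + PE_SIGNATURE + coff_header + opt_header + section_header + body + overlay


if __name__ == "__main__":
    clean = build_sample_pe()
    padded = build_sample_pe(b"A" * 123)
    print("file md5 differs :", file_md5(clean) != file_md5(padded))
    print("image md5 equal  :", image_md5(clean) == image_md5(padded))
    print("overlay bytes    :", overlay_size(padded))
```

This only neutralises trailing garbage; a sample whose packed body itself varies will still produce different image hashes, so a section-level or unpacked hash, or a real signature, is still needed for reliable coverage.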
This is a mass-mailing worm with the following characteristics:
- contains its own SMTP engine to construct outgoing messages
- harvests email addresses from the victim machine
- the From: address of messages is spoofed
- the attachment can be a password-protected zip file, with the password included in the message body
- contains a remote access component (notification is sent to the hacker)
- copies itself to folders that have the phrase "shar" in the name (such as the shared folders of common peer-to-peer applications: KaZaa, Bearshare, Limewire, etc.)