Aliases: W32/Bagle-TC, W32/Bagle-UA
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 03 Oct 2007
Damage: Medium

Characteristics: W32.Fleck.A was first discovered on October 3, 2007. The target of infection of this worm is all file-sharing networks or programs. It does not only spread but also downloads other malware in the computer.

More details about W32.Fleck.A

The W32.Fleck.A worm is installed inside the computer through unsecured file-sharing network. It spreads by creating a file to the local disk drive under the Documents and Settings folder. The worm will create a System Registry entry that will be added to the registry. After that, the worm will connect itself to several URLs and will try to download for about more than 50 files. More than 20 URLs can be possibly added and the files that can be downloaded contain malwares. Then the malicious downloaded files will be saved to C:\Documents and Settings\All Users\Application Data\m. Next, the worm will connect to a group of eMule file-sharing servers. Finally, the worm will copy itself and download a Trojan horse.

The remote hacker using the W32.Fleck.A program may utilize the connection to install data mining tools and monitoring programs. This allows the remote hacker to gather cached data from the computer. The monitoring program usually includes a keylogger application. This allows the remote user to capture keystrokes done by the user. The keylogger program saves the collected data into a log file and sends it to a remote server via the backdoor connection. The remote hacker scans the data for possible login details to financial accounts and credit card numbers.