Win32.Wreckage.A, TROJ_YABE.B, Win32/Rechnung!Worm, W32/Bagle.AK-mm, W32/Bagle.AK@mm, W32/Bagle-AK, Trojan.Win32.Agent.jk
Category: Computer Worm
Active & Spreading
28 Sep 2005
Belonging to a mass-mailing worm family, this malware uses peer-to-peer file sharing networks to deliver its infection to other computer systems. The payload delivery routine of Bagle.AK includes the capability to download malicious files and execute them locally on the compromised machine. The files are usually downloaded from websites that are also under the control of the malware author.
If you have malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean Bagle.AK from your computer.
Aside from using peer-to-peer file sharing networks, this malware and some of its variants can also use email to spread its code to other vulnerable computer systems. Bagle.AK is known to start a legitimate operating system process and inject its code into that process. It then terminates the authentic system process and takes its place. This routine lets Bagle.AK mimic original system processes, so as not to arouse user suspicion and to avoid detection by system monitoring tools. Bagle.AK also creates an executable copy of itself in the operating system's directory, where it attempts to blend in with legitimate system files to conceal its presence and complicate its removal from the infected computer.
Bagle.AK modifies the Windows Registry by adding a new key value that causes it to load automatically together with the operating system components. The Windows Registry is also used to bypass the active firewall protection of the infected computer. Bagle.AK then contacts predetermined websites to download and locally execute malicious files; the downloaded files can normally be identified by their double file extension. Finally, Bagle.AK harvests stored email addresses and targets the remote systems by sending email messages with dangerous file attachments.
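Two of the behaviours described above, a Run-key autostart entry and downloaded payloads or mail attachments that carry a double file extension such as `report.doc.exe`, can be checked for with a small script. The following is an added example written for this page, not code from the original entry or from any vendor tool. It works on a constructed `reg export`-style text dump of a Run key (embedded below, so it runs offline without touching a live registry) and on a constructed list of attachment names; the extension lists, the sample entry names and paths, and the function names are the example's own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Extensions that Windows executes directly (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# "Document" extensions commonly used as the decoy first extension (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".txt", ".jpg", ".gif", ".zip", ".htm", ".html"}

# Constructed sample in the text format produced by `reg export`; the entry
# names and paths are invented for this example, not taken from a real system.
SAMPLE_REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"sysmon"="C:\\WINDOWS\\system32\\report.doc.exe"
"Updater"="\"C:\\Program Files\\Vendor\\update.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Invoice"="\"C:\\WINDOWS\\invoice.pdf.scr\""
'''

# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = ["Order_details.pdf.exe", "photo.jpg", "price.zip"]


def has_double_extension(filename: str) -> bool:
    """True when the name ends in an executable extension preceded by a decoy one."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def executable_from_command(command: str) -> str:
    """Extract the program path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


_VALUE_LINE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_run_entries(reg_export_text: str):
    """Return (key, value_name, command) tuples from a reg export text dump."""
    entries = []
    key = ""
    for raw in reg_export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key path
            continue
        m = _VALUE_LINE.match(line)
        if not m:
            continue
        name, value = m.groups()
        # reg export escapes backslashes and quotes with a backslash; undo that.
        value = re.sub(r"\\(.)", r"\1", value)
        entries.append((key, name, value))
    return entries


def flag_suspicious_autoruns(reg_export_text: str):
    """Autostart entries whose program has a double extension."""
    hits = []
    for key, name, command in parse_run_entries(reg_export_text):
        exe = executable_from_command(command)
        if has_double_extension(exe):
            hits.append((key, name, exe))
    return hits


def flag_suspicious_attachments(filenames):
    """Attachment names that use the same double-extension trick."""
    return [f for f in filenames if has_double_extension(f)]


if __name__ == "__main__":
    for key, name, exe in flag_suspicious_autoruns(SAMPLE_REG_EXPORT):
        print(f"suspicious autorun: {name} -> {exe} ({key})")
    for f in flag_suspicious_attachments(SAMPLE_ATTACHMENTS):
        print(f"suspicious attachment: {f}")
```

On a real machine the text for `parse_run_entries` would come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM equivalent), with the file read as UTF-16 as `reg export` writes it; the double-extension check is a heuristic, so flagged entries are leads to inspect, not proof of infection.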