Post by Keith Heitmann on Jan 21, 2004 4:55:35 GMT -5
W32/Bagle@MM is a Medium Risk mass-mailing worm with a potentially dangerous remote access component. Similar to last summer's Sobig virus, W32/Bagle@MM arrives as an executable attachment inside an email (subject line: "Hi"). When run, the virus checks the system dateāif January 28, 2004 or later, the virus simply exits and does not propagate. Otherwise, the virus emails itself to addresses it steals from the infected computer, spoofing the "from: field" with one of the harvested addresses.
Caution: An infected email can come from addresses you recognize and may contain the following information:
What to look for:
From: address may be forged
Subject: Hi
Body: Test =)
(random characters)
--
Test, yep.
Attachment: (random filename) 15,872 bytes
Up-to-date McAfee VirusScan users are protected from this threat.
Learn More about W32/Bagle@MM
Scan for W32/Bagle@MM
Note: The virus does not mass-mail itself to addresses that contain @hotmail.com, @msn.com, @microsoft and @avp.