VIRUS ADVISORY – W32/Bagle.u@MM

The latest variant of W32/Bagle@MM, W32/Bagle.u@MM, is a Medium Risk mass-mailing worm that: 1) installs a dangerous backdoor Trojan-horse program that opens TCP port 4751, 2) opens the Windows game Hearts (if present on the system), and 3) sends itself to email addresses stolen from an infected machine. It arrives as an attachment in an email with a blank subject line and blank body text.

Up-to-date McAfee VirusScan users with dat 4344 are protected from this threat.

Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected—the virus often spoofs the “from” address.

What to look for:

FROM: Varies (spoofed – using one of the harvested email addresses from the infected system). Go to our site to see a list of files this worm uses to harvest email addresses.

SUBJECT: Blank.

BODY: Blank.

ATTACHMENT: Varies. Randomly named executable, with an .EXE extension.
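
The traits listed above can be checked at a mail gateway or in a mailbox sweep. The following Python sketch is an added example, not part of the original advisory or any McAfee tooling: it flags messages with a blank subject, blank text body and an .EXE attachment. The function names and sample messages are constructed for illustration, and a match is a triage hint, not a confirmed detection.

```python
from email import message_from_string


def matches_advisory_pattern(raw: str) -> bool:
    """True if the message has a blank subject, blank body and an .EXE attachment."""
    msg = message_from_string(raw)
    if (msg.get("Subject") or "").strip():
        return False  # advisory: subject line is blank
    body_text, exe_attached = "", False
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = part.get_filename()
        if name:
            # The file name is random; only the extension is stable.
            exe_attached |= name.lower().endswith(".exe")
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            body_text += payload.decode("latin-1")
    # The From header is deliberately ignored: the advisory says it is spoofed.
    return exe_attached and not body_text.strip()


def sample(subject: str, body: str, filename: str) -> str:
    """Build a constructed test message (not a captured sample)."""
    return (
        "From: someone@example.com\n"
        f"Subject: {subject}\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        f"--b1\nContent-Type: text/plain\n\n{body}\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
    )


if __name__ == "__main__":
    for args in [("", "", "qwrtzx.EXE"), ("Report", "", "a.exe"),
                 ("", "see attached", "a.exe"), ("", "", "notes.pdf")]:
        print(args, "->", matches_advisory_pattern(sample(*args)))
```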
