As of October 29, 2004, 2:07 AM (-7:00; Daylight Saving Time), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AT. TrendLabs has received several infection reports indicating that this malware is spreading in Japan, Sweden, China and Germany.
This worm uses its own SMTP engine to propagate via email. It arrives as either of the following attachments:
This worm searches the drive for folders with names containing the string "shared". It then drops itself in these shared folders using certain file names.
TrendLabs has released the following EPS deliverables:
TMCM Outbreak Prevention Policy 131 (as of 2:19 AM)
Official Pattern Release 2.224.00 (as of 2:47 AM)
The following EPS deliverables will soon be available
Damage Cleanup Template 444
For more information on WORM_BAGLE.AT, you can visit our Web site at:
W32/Bagle-AU is an email and peer-to-peer worm.
W32/Bagle-AU attempts email itself to addresses harvested from the infected machine, as well as copying itself to file-sharing folders.
W32/Bagle-AU will also attempt to download files from a remote website.