Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Bagle.j@MM

Mar 2, 2004 7:15AM PST

Date Discovered: 3/2/2004
Date Added: 3/2/2004
Origin: Unknown
Length: Varies
Type: Virus
SubType: E-mail

This is a mass-mailing worm with the following characteristics:

contains its own SMTP engine to construct outgoing messages
harvests email addresses from the victim machine
the From: address of messages is spoofed
attachment can be a password-protected zip file, with the password included in the message body.
contains a remote access component (notification is sent to hacker)
copies itself to folders that have the phrase shar in the name (such as common peer-to-peer applications; KaZaa, Bearshare, Limewire, etc)
Mail Propagation

The message-bodies are constructed with several parts, to effectively customize the email, to make it appear to be a legitimate warning notification. The details are as follows:

From : (address is spoofed)
Subject :

E-mail account security warning.
Notify about using the e-mail account.
Warning about your e-mail account.
Important notify about your e-mail account.
Email account utilization warning.
Notify about your e-mail account utilization.
E-mail account disabling warning.
Body Text:

More: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101071

Discussion is locked