Aliases
Win32/Bagle.Q

Description
W32/Bagle-Q is a mass-mailing virus. This virus spreads in an unusual manner, so please read the information below carefully.

W32/Bagle-Q spreads via a "carrier" email which does not contain the worm as an attachment.

When you open a "carrier" email, it attempts to exploit a vulnerability in Outlook to automatically download W32/Bagle-Q from the PC which sent you the "carrier" email. The security vulnerability was reportedly patched by Microsoft in Microsoft Security Bulletin MS03-040.

The "carrier" email downloads and launches a Visual Basic script. This script downloads W32/Bagle-Q via an HTTP (web) request to TCP port 81 on the sender's PC.

The downloaded copy of W32/Bagle-Q is placed into your system folder with the name directs.exe.

W32/Bagle-Q loads on your PC and terminates a wide range of security applications.
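
One way to look for the download step described above in network logs, as an added example that is not part of the original advisory: the script reads a Windows Firewall-style log and lists internal hosts that tried to reach TCP port 81 on another machine, and internal hosts that were themselves contacted on port 81 (the role the sender's PC plays). The log lines, the 10.0.0.0/8 internal range and the function name are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

BAGLE_Q_PORT = 81  # TCP port the description gives for the download
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: your LAN range

# Constructed sample log; the column layout is taken from its "#Fields:" header.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-03-20 09:14:02 ALLOW TCP 10.0.0.23 192.0.2.10 1043 80 0 S 0 0 0 - - -
2004-03-20 09:14:07 ALLOW TCP 10.0.0.23 198.51.100.77 1044 81 0 S 0 0 0 - - -
2004-03-20 09:15:40 ALLOW UDP 10.0.0.31 192.0.2.53 1050 81 0 - - - - - - -
2004-03-20 09:16:11 ALLOW TCP 203.0.113.9 10.0.0.40 3321 81 0 S 0 0 0 - - -
2004-03-20 09:17:55 DROP TCP 10.0.0.55 198.51.100.77 1101 81 0 S 0 0 0 - - -
2004-03-20 09:20:00 ALLOW TCP not-an-ip 10.0.0.40 1200 81
"""


def find_port81_activity(log_text, internal=INTERNAL_NET, port=BAGLE_Q_PORT):
    """Return (fetchers, servers) as {internal host: set of peer addresses}.

    fetchers: internal hosts that tried to reach TCP/<port> on another machine.
    servers:  internal hosts that were contacted on TCP/<port> themselves.
    """
    fields = []
    fetchers, servers = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("protocol") != "TCP" or row.get("dst-port") != str(port):
            continue
        try:
            src = ipaddress.ip_address(row["src-ip"])
            dst = ipaddress.ip_address(row["dst-ip"])
        except (KeyError, ValueError):
            continue  # skip malformed lines
        if src in internal:
            fetchers[str(src)].add(str(dst))
        if dst in internal:
            servers[str(dst)].add(str(src))
    return dict(fetchers), dict(servers)


if __name__ == "__main__":
    fetchers, servers = find_port81_activity(SAMPLE_LOG)
    print("tried to fetch from TCP/81:", fetchers)
    print("contacted on TCP/81:", servers)
```

Port 81 is also used by legitimate services, so treat hits as leads to check against the presence of directs.exe in the system folder.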

More: http://www.sophos.com/virusinfo/analyses/w32bagleq.html