Free Software Downloads for windows, Linux, Mac
Windows free Download Mac free Download Linux free Download Dirvers free Download Advanced Search
     Drivers download     Submit your software     Top Downloads     Promote Software     Advertise     Link Exchange     Free Tutorial
Softlookup.com: >> E-News!
     New Articles
 Device Conflict
 PC Repair
 Second HDD
 Video Card
 CDROM Install
 Java app
 Web scripting
 W32/Bagle.Z
 Virus Alerts

    Information about the W32/Bagle.Z Worm 4/27/2004  
W32/Bagle.Z is a mass mailing worm. The worm will infect Windows systems.
This worm spreads through email and shared drives on the network.

Related News!
  Information about the W32/Netsky.AB worm
  Information about the W32/Bagle.Z Worm

The from address of infected email contains the recipient's along with any one of the following
user name.

christina@
secretGurl@
annie@
jessie@
ann@
christy@
lizie@

The subject of the infected email will be any one of the following;

Let's talk, my friend!
Site changes
Request response
Notify from a known person ;-)
RE: Protected message
Hidden message
Re: Yahoo!
Encrypted Document
Re: Thank you!
Hello!
Re: Msg reply
Incoming message
Re: Incoming Fax
Re: Hello
I just need a friend
Re: Document
RE: Text message
Protected message
Let's socialize, my friend!
Re: Incoming Message
I'm bored with this life
Re: Thanks :)
I like you
Hey!
Forum notify
Fax Message Received
I'm a sad girl...

The body of the infected email will be randomly generated by the worm.

The infected email carries two attachments.

1)Contains a picture of a girl in .jpg format.
2)Contains the worm file with any one of the following extension;

.zip
.vbs
.scr
.hta
.exe
.cpl
.com

Upon execution of the infected attachment. The worm displays a fake dialog box with a message, "Can't find a
viewer associated with the file". It drops the following files in Windows System folder;

drvsys.exe
drvsys.exeopen
drvsys.exeopenopen

It also checks for a word 'shar' in the available shared folders in both local and network, if found the worm
copies itself to these folders using the following filenames;

XXX hardcore images.exe
Windows Sourcecode update.doc.exe
Windown Longhorn Beta Leak.exe
WinAmp 6 New!.exe
WinAmp 5 Pro Keygen Crack Update.exe
Serials.txt.exe
Porno, sex, oral, anal cool, awesome!!.exe
Porno pics arhive, xxx.exe
Porno Screensaver.scr
Opera 8 New!.exe
Microsoft Windows XP, WinXP Crack, working Keygen.exe
Microsoft Office XP working Crack, Keygen.exe
Microsoft Office 2003 Crack, Working!.exe
Matrix 3 Revolution English Subtitles.exe
Kaspersky Antivirus 5.0
KAV 5.0
Ahead Nero 7.exe
Adobe Photoshop 9 full.exe

The worm opens port 2535 to allow access to the infected system.

It alters the windows registry at the following location to load itself during next startup;

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also attempts to terminate processes related to antivirus and security related softwares.

To propagate itself, the worm scans the infected machine for the files having the following extensions and
collects all the available email addresses;

.xml .xls .wsh .wab .uin .txt .tbb .stm .shtm .sht .pl .php .oft .ods .nch .msg .mmf .mht .mdx .mbx .jsp .htm
.eml .dhtm .dbx .cgi .cfg .asp .adb.

The worm uses its own SMTP engine to mail itself to these email addresses. The worm will terminate itself if
system date is after January 25, 2005.

This worm first appeared on 26th April, 2004.



Your ad here!
Advertise on
Softlookup.com

New Releases
3D Gallery
3D Cube
Digicrafts Design
VooCAT 1.x
iClone 3D
Symbols (FW)
Symbols (FW)
VRayScatter 2.5.7b
Symbols (AI)
Symbols (FW)
Flash Preloader Type1
Flash Preloader Type2
Symbols (AI)
Kaminfeuer Titanium
The JMMG Open Fire
Reallusion iClone
GenHead
Symbols (FW)
DateTimeXtra
Symbols (AI)
Symbols (FLA)
Symbols (FW)
Wurlitzer MP3
GenCrowd 3D
3D Carousel
3D Carousel
Symbols (AI)
Blocker Plains,
Mega Pack
Creative MovieFX v2
ConvexSoft YouTube
m_cws_exporter
Power Pack
Unwrap King
Flash Gallery
 


Your ad here!
Advertise on
Softlookup.com
Top Downloads
Autodesk 3D
Adobe Illustrator
Yahoo-Kick-Boot-Bomber
flv2avi
Microsoft Visual
NFO Maker 2 Pro
Drum Pad
oDC
Virtual DJ
Radha-Krishna Screensaver
Adobe After
Unlimited Software 2007
AOL 9.0 VR Refresh
nweb for Zodiac -171163
TrueCast Player
AB Tutor Control
WebSphere Everyplace
QCP Converter
Autodesk 3D
Easy Dump Oracle
Hungarian Language
Playstation 2 Emulator
Popfax-Printer Internet
OmniPeek Personal
 
Home | About us | Categories | New Releases | Most Popular | Web tutorial | IT News | Drivers | Submit a program |   
2007 SoftLookup Corp. Privacy Statement