I-Worm.Bagle.O


Alias: W32/Bagle-O

No infections reported in Austria so far!

I-Worm.Bagle.O is an e-mail worm that uses its own SMTP engine. Size: 25600 bytes.

I-Worm.Bagle.O harvests e-mail addresses from files with the following extensions:

.WAB,.TXT,.MSG,.HTM,.SHTM,.STM,.XML,.DBX,.MBX,.MDX,.EML,.NCH,.MMF,.ODS,.CFG,.ASP,.PHP,.PL,
.ADB,.TBB,.SHT,.XLS,.OFT,.UIN,.CGI,.MHT,.DHTM,.JSP.

When run, I-Worm.Bagle.O copies itself under the name winupd.exe and then infects
ALL EXE files that are executed.

I-Worm.Bagle.O adds the following value:

winupd.exe = \winupd.exe

to the following registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

The following e-mail addresses are avoided:

sopho, @hotmail.com, @msn, @microsoft, anyone@, bugs@, contract@, feste,
gold-certs@, help@, info@, nobody@, noone@, rating@, kasp, admin, icrosoft,
support, ntivi, unix, bsd, linux, listserv, certific, samples, @foo, @iana, free-av,
@messagelab, winzip, google, winrar, abuse, panda, cafee, spam, pgp, @avp., noreply, local,
root@, postmaster@, f-secur

The e-mail looks as follows:

Subject:

E-mail account security warning.
Notify about using the e-mail account.
Warning about your e-mail account.
Important notify about your e-mail account.
Email account utilization warning.
E-mail technical support message.
E-mail technical support warning.
Email report
Important notify
Account notify
E-mail warning
Notify from e-mail technical support.
Notify about your e-mail account utilization.
E-mail account disabling warning.
Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks :)
RE: Text message
Re: Document
Incoming message
Re: Incoming Message
Re: Incoming Fax
Hidden message
Fax Message Received
Protected message
RE: Protected message
Forum notify
Request response
Site changes
Re: Hi
Encrypted document


Body:

Dear user of ,
Dear user of e-mail server gateway,
Dear user of "" mailing server,
Dear user of "" mailing domain,
Dear user of "" domain,
Dear user of e-mail server "",
Hello user of e-mail server,
Dear user of "" mailing system,
Dear user, the management of mailing system wants to let you know that,

Your e-mail account has been temporary disabled because of unauthorized access.

Our main mailing server will be temporary unavaible for next two days, to
continue receiving mail in these days you have to configure our free auto-forwarding service.

Your e-mail account will be disabled because of improper using in next three days,
if you are still wishing to use it, please, resign your account information.

We warn you about some attacks on your e-mail account. Your computer may contain viruses,
in order to keep your computer and e-mail account safe, please, follow the instructions.

Our antivirus software has detected a large ammount of viruses outgoing from your email account,
you may use our free anti-virus tool to clean up your computer software.

Some of our clients complained about the spam (negative e-mail content) outgoing from your
e-mail account. Probably, you have been infected by a proxy-relay trojan server.
In order to keep your computer safe, follow the instructions.

Read the attach.
Your file is attached.
More info in attach
See attach.
Follow the wabbit.
Find the white rabbit.
Please, have a look at the attached file.
See the attached file for details.
Message is in attach
Here is the file.

For more information see the attached file.

Further details can be obtained from attached file.
Advanced details can be found in attached file.
For details see the attach.
For details see the attached file.
For further details see the attach.
Please, read the attach for further details.
Pay attention on attached file.

The team

The Management,
Sincerely,
Best wishes,
Yours,
Have a good day,
Cheers,
Kind regards,


The e-mails may contain image files with the extensions BMP, GIF or JPEG.
The attachment is either a program with an .EXE or .PIF extension, or a
password-protected file with a .ZIP or .RAR extension. The password is in the
e-mail.

Attachment:

Attach
Information
Details
Encrypted
first_part
Readme
Document
Info
TextDocument
Text
details
text_document
pub_document
MoreInfo
Message
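
The subject and attachment lists above can be turned into a mail-gateway check. This is an added example, not part of the original catalogue entry; the names `bagle_o_findings` and `sample_message` and the sample message itself are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Subjects and attachment base names copied from the lists on this page.
SUBJECTS = {s.lower().rstrip(".") for s in (
    "E-mail account security warning.", "Notify about using the e-mail account.",
    "Warning about your e-mail account.", "Important notify about your e-mail account.",
    "Email account utilization warning.", "E-mail technical support message.",
    "E-mail technical support warning.", "Email report", "Important notify",
    "Account notify", "E-mail warning", "Notify from e-mail technical support.",
    "Notify about your e-mail account utilization.", "E-mail account disabling warning.",
    "Re: Msg reply", "Re: Hello", "Re: Yahoo!", "Re: Thank you!", "Re: Thanks :)",
    "RE: Text message", "Re: Document", "Incoming message", "Re: Incoming Message",
    "Re: Incoming Fax", "Hidden message", "Fax Message Received", "Protected message",
    "RE: Protected message", "Forum notify", "Request response", "Site changes",
    "Re: Hi", "Encrypted document",
)}
STEMS = {"attach", "information", "details", "encrypted", "first_part", "readme",
         "document", "info", "textdocument", "text", "text_document",
         "pub_document", "moreinfo", "message"}
EXECUTABLE, ARCHIVE = {".exe", ".pif"}, {".zip", ".rar"}

def bagle_o_findings(raw: bytes) -> list[str]:
    """Return which of the page's indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if str(msg["Subject"] or "").strip().lower().rstrip(".") in SUBJECTS:
        findings.append("subject")
    for part in msg.walk():  # walk() also reaches nested MIME parts
        name = PureWindowsPath(part.get_filename() or "")
        if name.stem.lower() not in STEMS:
            continue
        ext = name.suffix.lower()
        if ext in EXECUTABLE:
            findings.append(f"executable:{name.name}")
        elif ext in ARCHIVE:
            findings.append(f"archive:{name.name}")
    return findings

def sample_message() -> bytes:
    """Constructed test message; the attachment holds harmless placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = "Re: Incoming Fax"
    m.set_content("Read the attach.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="MoreInfo.pif")
    return m.as_bytes()
```

A subject match alone is weak evidence, since entries such as "Re: Hi" also occur in legitimate mail; treat the attachment findings as the deciding indicator.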

I-Worm.Bagle.O attempts, via corresponding remote commands, to download files and
to terminate anti-virus programs.
It also searches for folders whose names contain ".Shar" and copies itself into them under the following names:

ACDSee 9.exe
Adobe Photoshop 9 full.exe
Ahead Nero 7.exe
Matrix 3 Revolution English Subtitles.exe
Microsoft Office 2003 Crack, Working!.exe
Microsoft Office XP working Crack, Keygen.exe
Microsoft Windows XP, WinXP Crack, working Keygen.exe
Opera 8 New!.exe
Porno Screensaver.scr
Porno pics arhive, xxx.exe
Porno, sex, oral, anal cool, awesome!!.exe
Serials.txt.exe
WinAmp 5 Pro Keygen Crack Update.exe
WinAmp 6 New!.exe
Windown Longhorn Beta Leak.exe
Windows Sourcecode update.doc.exe
XXX hardcore images.exe

If I-Worm.Bagle.O is run in 2005 or later, the worm and all of its
registry entries are deleted.

Removal:

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Delete the file "winupd.exe" (created by I-Worm.Bagle.O).
Delete the value that the worm added to the registry.








