
Worm:HTML/Bagle!mail


First posted on 18 April 2012.
Source: Microsoft

Aliases :

Worm:HTML/Bagle!mail is also known as Win32.Bagle.FG@mm (BitDefender), Win32/Bagle!ZIP (CA), Worm.Bagle-zippwd-33 (Clam AV), Email-Worm.Win32.Bagle.gen (Kaspersky), W32/Bagle!eml.gen (McAfee).

Explanation :

Worm:HTML/Bagle!mail is a generic detection for HTML format e-mail messages used by Worm:Win32/Bagle when spreading via e-mail.

Installation :

Worm:Win32/Bagle may arrive attached to an HTML format e-mail. The e-mail message may have two attachments. One is a password-protected ZIP archive file containing Worm:Win32/Bagle. The other is a GIF image file showing the numerical password for the ZIP file. The ZIP archive file contains a copy of Win32/Bagle, detected as Worm:Win32/Bagle.EG@mm, and a DLL, which is an encrypted text file.
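The delivery pattern described above (an HTML message carrying a password-protected ZIP together with a GIF image) can be checked during mail triage. The following Python is an added example, not Microsoft's detection logic; the heuristic, the function names and the constructed sample message are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def encrypted_zip(data: bytes) -> bool:
    """True if any archive member has the ZIP 'encrypted' flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def matches_zip_plus_gif(raw: bytes) -> bool:
    """Assumed heuristic: HTML body + encrypted ZIP + GIF in one message."""
    msg = message_from_bytes(raw, policy=policy.default)
    has_html = has_gif = has_enc_zip = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_content_type() == "text/html":
            has_html = True
        elif payload[:6] in (b"GIF87a", b"GIF89a"):   # magic bytes, not the MIME label
            has_gif = True
        elif payload[:4] == b"PK\x03\x04" and encrypted_zip(payload):
            has_enc_zip = True
    return has_html and has_gif and has_enc_zip

def build_sample(encrypted: bool) -> bytes:
    """Constructed test message; the ZIP holds harmless text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("note.txt", "constructed sample")
    z = bytearray(buf.getvalue())
    if encrypted:
        z[6] |= 1                                # local header flags, bit 0
        cd = int.from_bytes(z[-6:-2], "little")  # central directory offset from EOCD
        z[cd + 8] |= 1                           # central directory flags, bit 0
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("<html><body>see attachment</body></html>", subtype="html")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip", filename="a.zip")
    msg.add_attachment(b"GIF89a" + b"\x00" * 10, maintype="image", subtype="gif", filename="p.gif")
    return msg.as_bytes()

if __name__ == "__main__":
    print(matches_zip_plus_gif(build_sample(True)), matches_zip_plus_gif(build_sample(False)))
```

A match only means the message has this shape; legitimate senders also mail encrypted archives, so treat a hit as a reason to quarantine and scan rather than as a verdict.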

Analysis by Hong Jia

Last update 18 April 2012
