Proactive IT security
 Home  News  Products & services  Virus & security  Support  Download  Partner  Purchase
Select country
Select product
Virus removal tool
Virus descriptions
Latest virus descriptions
Norman SandBox technology
List of detected viruses
Submit virus sample
Antivirus testfile
Virus warnings on your own web site
Security Information
Security News and Advisories
Security articles
 SHORTCUTS:
Mailing list subscriptions
My Norman Bookmarks
Virus & security » Virus descriptions » W32/Bagle.AK
W32/Bagle.AK
Add to My Norman Bookmarks
W32/Bagle.AK Destructivity: None Spreading: None Overall risk: Low
Detected by virus detection files published: 31 Aug. 2004
Virus characteristics first published: 31 Aug. 2004
Virus characteristics latest update: 28 Nov. 2005
Type: Security Risk, Worm
Spreading mechanism: Other
Overall risk: Low
Type Spreading mechanism Destructivity & payload Additional descriptions Detection & removal

This description is based on Norman's Sandbox analysis.

foto1.exe : [SANDBOX] contains a security risk - W32/Malware 

[ General information ] 
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. 
* Creating several executable files on hard-drive. 
* File length: 12800 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\doriot.exe.
* Creates file C:\WINDOWS\SYSTEM\gdqfw.exe.
* Deletes file C:\WINDOWS\_re_file.exe. 

[ Changes to registry ]
* Creates value "wersds.exe"="C:\WINDOWS\SYSTEM\doriot.exe" in key  
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run". 
* Creates value "wersds.exe"="C:\WINDOWS\SYSTEM\doriot.exe" in key
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run". 

 [ Process/window information ]
* Will automatically restart after boot (I’ll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
* Enumerates running processes several parses....

 
CURRENT VIRUS THREATS
Medium risk
15 Aug 08 AntiVirus 2008
24 Oct 07 Pidief.A
24 Jan 07 Tibs
25 Sep 06 Stration
18 Jan 06 Small.KI
12 Sep 05 Bagle.CS
17 Aug 05 Zotob.B
08 Jun 05 Mytob
17 Feb 05 MyDoom.AQ
26 Jul 04 MyDoom.L
25 Mar 04 Netsky.P
Low risk
05 Mar 07 Viking.GT
27 Jan 06 Feebs
16 Jan 05 MyDoom.AH
22 Apr 04 SDBot
30 Mar 04 Netsky.Q
Latest virus definition file published
>> 2008-08-29
Security Information
>> The Internet Crime Complaint Center's report for 2007
>> 2007
Security News and Advisories
>> Six critical updates for Microsoft systems in August 2008
>> No critical updates for Microsoft systems in July 2008
Norman is one of the world’s leading companies within the field of data security. With products for antivirus (virus control), personal firewall, antispam, and encryption, the company plays an important role in the data industry.