Trend Micro Medium Risk Virus Alert - WORM_BAGLE.AI

by Marianna Schmudlach - 8/31/04 6:37 PM

As of August 31, 2004, 2:50 PM (GMT -07:00, Daylight Savings Time) PST, TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AI. TrendLabs has received several infection reports indicating that this malware is spreading in Brazil, US, and Canada.

This mass-mailing worm is executed by HTML_BAGLE.AI, and is packaged as a .ZIP compressed file. Upon execution, it drops a copy of itself as DORIOT.EXE in the Windows system folder. It creates registry entries to ensure its automatic execution at every Windows startup.

This worm attempts to download and execute its malware components from certain URLs. It also kills certain processes that are mostly related to antivirus programs.

It runs on Windows 95, 98, ME, NT, 2000, and XP.