This is a mass-mailing worm with a remote access component. The worm arrives in an email message. The attachment has a size of 15,872 bytes and a random filename.
When the attachment is run, the virus checks whether the system date is January 28, 2004 or later. If it is on or after this date, the virus exits. Otherwise, the virus launches the standard Windows calculator program CALC.EXE, copies itself to the Windows system directory (%SysDir%) as bbeagle.exe, and creates a registry key to load itself at system startup.
The worm harvests addresses from files on the system and mails itself to those recipients, using its own SMTP engine and a fake From: address.
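A host triage check built from the indicators above (the bbeagle.exe file name, the 15,872-byte size and the startup entry), as an added example that is not vendor code. The description does not name the registry key, so the standard Run keys and the SysWOW64 path checked here are assumptions.

```powershell
# Added triage example. Indicators from the description: bbeagle.exe in the
# Windows system directory, 15,872 bytes, plus a load-at-startup registry entry.
$IndicatorName = 'bbeagle.exe'
$IndicatorSize = 15872

function Get-DroppedCopy {
    # Assumption: on 64-bit Windows a 32-bit process writing to the system
    # directory is redirected to SysWOW64, so both locations are checked.
    $dirs = @([Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64'))
    foreach ($dir in $dirs) {
        $path = Join-Path $dir $IndicatorName
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $f = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Path      = $f.FullName
                Length    = $f.Length
                SizeMatch = ($f.Length -eq $IndicatorSize)
                Created   = $f.CreationTime
            }
        }
    }
}

function Get-AutostartReference {
    # Assumption: the startup entry lives in one of the standard Run keys.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $k = Get-Item -LiteralPath $key
        foreach ($name in $k.GetValueNames()) {
            $data = [string]$k.GetValue($name)
            # Match on the value data, since the value name is not documented here.
            if ($data -like "*$IndicatorName*") {
                [pscustomobject]@{ Key = $key; ValueName = $name; Data = $data }
            }
        }
    }
}

$files = @(Get-DroppedCopy)
$autostart = @(Get-AutostartReference)
if ($files.Count -gt 0 -or $autostart.Count -gt 0) {
    Write-Output 'Indicators found:'
    $files | Format-List
    $autostart | Format-List
} else {
    Write-Output "No $IndicatorName file or Run-key reference found."
}
```

The HKCU key reflects only the account running the script, so run it in the affected user's session as well as from an administrative one.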
Our email virus scanner has been updated to protect against this threat.
Stinger is a standalone remover. You may download your copy from the following URL: http://vil.nai.com/vil/stinger
Reference:
http://vil.nai.com/vil/content/v_100965.htm