[Dshield] New Version of I-Worm Bagle.HV
kruse at krusesecurity.dk
Tue Nov 1 21:22:39 GMT 2005
> >Received a new version of the I-Worm/Bagle.HV tonight.
A bit misleading name for this bug, since this is a typical dropper. It's
certainly not a worm. This bug is being seeded.
The malware drops a binary and a DLL to the system folder (%windows
systemfolder%). The code downloads components from many websites (several
likely to be bogus). It also kills several security software products and
makes changes to the registry:
It also registers the DLL as a COM object in Internet Explorer with the
following CLSID: [0002DF01-0000-0000-C000-000000000046].