Security Update
 


Bagle.J Worm

This is a mass-mailing worm discovered on March 2, 2004. The worm contains its own SMTP engine to construct outgoing messages and harvests email addresses from the victim's machine. It spoofs the "From" address on the emails it produces and sends attachments. Sometimes the attachment is password protected, but the password is included in the message body. The attachment contains a remote access component that sends a notification to the hacker.

Possible subject lines for this worm include:

  • E-mail account security warning.
  • Notify about using the e-mail account.
  • Warning about your e-mail account.
  • Important notify about your e-mail account.
  • Email account utilization warning.
  • Notify about your e-mail account utilization.
  • E-mail account disabling warning.

This worm uses important-sounding usernames at the domain it pretends to be from. The messages may appear to come from:

  • management@<recipient domain>
  • administrator@<recipient domain>
  • staff@<recipient domain>
  • support@<recipient domain>

For more information visit the links below:

Network Associates

Symantec


Please be wary of opening any attachments, especially executables. Some possible executable file extensions are:

  • .exe
  • .com
  • .zip
  • .pif
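
The indicators listed in this notice (subject lines, important-sounding senders at the recipient's own domain, attachment extensions) can be checked mechanically on a mail gateway. The following is an added example, not part of the original notice or of any vendor tool; the function names, the example.org addresses and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the advisory text.
SUBJECTS = {
    "e-mail account security warning.",
    "notify about using the e-mail account.",
    "warning about your e-mail account.",
    "important notify about your e-mail account.",
    "email account utilization warning.",
    "notify about your e-mail account utilization.",
    "e-mail account disabling warning.",
}
SPOOFED_USERS = {"management", "administrator", "staff", "support"}
RISKY_EXTENSIONS = (".exe", ".com", ".zip", ".pif")

def split_address(header_value):
    """Return (user, domain) of an address header, lower-cased."""
    user, _, domain = parseaddr(str(header_value or ""))[1].lower().partition("@")
    return user, domain

def bagle_j_indicators(raw_message):
    """Return which advisory indicators a raw RFC 822 message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    user, domain = split_address(msg["From"])
    # The worm pretends to write from the recipient's own domain.
    if user in SPOOFED_USERS and domain and domain == split_address(msg["To"])[1]:
        hits.append("spoofed-sender")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            hits.append("attachment:" + name)
    return hits

def constructed_sample(sender="support@example.org", filename="constructed.pif"):
    """Build a constructed test message; example.org and the file name are placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "alice@example.org"
    m["Subject"] = "E-mail account security warning."
    m.set_content("constructed body text")
    m.add_attachment(b"harmless bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(bagle_j_indicators(constructed_sample()))
```

A message that matches several indicators at once is a much stronger signal than any single match, since the listed extensions also appear on legitimate mail.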

Network Associates' McAfee antivirus has a free tool called “Stinger” that detects and removes 39 different viruses, Trojans and variants from infected computers. “Stinger” can be downloaded at: http://vil.nai.com/vil/stinger/


Thank you again for choosing Dnet!