W32/Mitglieder.UW!tr.dldr

Analysis

  • This detection covers the file dropped by some Bagle variants.

  • Upon execution the malware displays the following message box:

  • The malware arrives as a password-protected archive; the password is shown in a GIF image attached to the same message.

  • Below is a screenshot of the spammed mail:


  • The malware uses a Notepad text-file icon and what appears to be a random filename, and is approximately 185 KB in size.
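As an added triage example (not part of this Fortinet entry and not Fortinet's code), the following Python script walks an e-mail's MIME parts and flags the combination described above: a password-protected ZIP attachment alongside a GIF image. The lure message it parses is constructed inline, the indicator names are the script's own assumptions, and it tests the ZIP encryption flag rather than the archive contents, since the archive cannot be opened without the password shown in the image.

```python
"""Triage an e-mail for the lure pattern described above: a password-protected
ZIP attachment paired with a GIF image that carries the password.

Added example, not Fortinet's code. The message below is constructed inline;
the indicator names in the result dict are this script's own."""
import email
import io
import struct
import zipfile
from email import policy
from email.message import EmailMessage

ZIP_FLAG_ENCRYPTED = 0x0001  # general-purpose bit 0 = traditional PKWARE encryption


def build_zip(name: str, payload: bytes, encrypted: bool) -> bytes:
    """Build a one-entry ZIP (constructed sample). zipfile cannot write encrypted
    archives, so for the encrypted case we write a stored entry and then set bit 0
    in both the local file header and the central directory entry, which is the
    flag a password-protected archive carries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    if encrypted:
        # local header: flags at offset 6; central directory header: flags at offset 8
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            idx = data.find(sig)
            (flags,) = struct.unpack_from("<H", data, idx + off)
            struct.pack_into("<H", data, idx + off, flags | ZIP_FLAG_ENCRYPTED)
    return bytes(data)


def zip_is_encrypted(blob: bytes) -> bool:
    """True if any entry in the archive has the encryption bit set."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return any(info.flag_bits & ZIP_FLAG_ENCRYPTED for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def triage_message(raw: bytes) -> dict:
    """Walk the MIME parts and report the indicators this lure combines."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    result = {"gif_attachment": False, "encrypted_zip": False, "zip_names": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ctype == "image/gif" or name.endswith(".gif") or payload.startswith(b"GIF8"):
            result["gif_attachment"] = True
        elif payload.startswith(b"PK\x03\x04") and zip_is_encrypted(payload):
            result["encrypted_zip"] = True
            result["zip_names"].append(name)
    # the lure needs both halves: the locked archive and the image carrying its password
    result["suspicious"] = result["gif_attachment"] and result["encrypted_zip"]
    return result


def build_sample_message(encrypted: bool = True) -> bytes:
    """Constructed lure e-mail resembling the spam described on this page.
    With encrypted=False it serves as a benign control (plain ZIP + GIF)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Re: your document"
    msg.set_content("The password for the archive is in the picture.")
    # stand-in GIF: header bytes only, in place of the image that shows the password
    msg.add_attachment(b"GIF89a" + b"\x00" * 16, maintype="image",
                       subtype="gif", filename="pass.gif")
    msg.add_attachment(build_zip("readme.exe", b"MZ" + b"\x00" * 64, encrypted),
                       maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print("lure   :", triage_message(build_sample_message(encrypted=True)))
    print("control:", triage_message(build_sample_message(encrypted=False)))
```

Only the encryption flag is checked because the archive is unreadable without the password; a gateway rule built on this logic should treat the flag plus an accompanying image as the indicator, not the filename, which the page says appears to be random.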

Recommended Action


    FortiGate systems:
    • Check the main screen of the web interface to ensure the latest AV/NIDS database has been downloaded and installed. If required, enable the "Allow Push Update" option.

    FortiClient systems:
    • Quarantine or delete the infected files detected and replace them with clean backup copies.
