









W32/Bagle.BE Trojan

Name: W32/Bagle.BE Trojan
Aliases: Troj_BAGLE.BE, BAGLE.BE, W32/Bagle.dldr, Bagle
Discovered on: 1st March, 2005

Virus Information - W32/Bagle.BE Trojan:
W32/Bagle.BE is a downloader trojan. It infects Windows systems and attempts to download a file which is detected as the W32/Bagle.BE worm.
The trojan arrives as a compressed (.zip) attachment to an email.
The infected email carries a spoofed 'From' address picked up randomly from the infected system.
The subject of the infected email will be blank.
The body of the infected email will be any one of the following:
new price
price
It carries any one of the following infected attachments:
price2.zip
price_08.zip
price_new.zip
08_price.zip
new__price.zip
newprice.zip
Upon execution of the infected attachment, the trojan copies itself as winshost.exe and wiwshost.exe in the Windows System folder.
It alters the Windows registry at the following locations to load itself during the next startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
The trojan attempts to connect to some websites in its pre-configured list to download and execute a file which is detected as W32/Bagle.BE worm.
The trojan also tries to terminate processes related to security software and prevents the user from accessing these sites.
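
A mail-gateway style check for the email traits listed above (blank subject, one of the two body texts, one of the six attachment names), as an added example that is not part of the original advisory. The function names are hypothetical, and the sample messages are constructed with inert placeholder bytes as the attachment.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above.
BAGLE_BE_BODIES = {"new price", "price"}
BAGLE_BE_ATTACHMENTS = {
    "price2.zip", "price_08.zip", "price_new.zip",
    "08_price.zip", "new__price.zip", "newprice.zip",
}


def matches_bagle_be(raw: bytes) -> bool:
    """True when a raw message shows all three traits: blank subject,
    a listed body text, and a listed .zip attachment name."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if (msg["Subject"] or "").strip():
        return False  # the advisory says the subject is blank
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().strip().lower() if body_part else ""
    if body not in BAGLE_BE_BODIES:
        return False
    names = {(p.get_filename() or "").lower() for p in msg.iter_attachments()}
    return bool(names & BAGLE_BE_ATTACHMENTS)


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message; the attachment is an empty-archive stub."""
    m = EmailMessage()
    m["From"] = "someone@example.com"  # placeholder addresses
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(matches_bagle_be(build_sample("", "new price", "price_new.zip")))
    print(matches_bagle_be(build_sample("Q3 quote", "price", "price2.zip")))
```

Requiring all three traits together keeps the check from firing on ordinary mail that merely carries a file named like one of the attachments.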
