The links on the bottom of the article lead to descriptions made by major Virus-Scanner developing companies, even in English ;)
Quotation from NAI:
"The worm uses the Object Tag vulnerability in Internet Explorer, which allows for the writing and overwriting of local files by exploiting the ADODB.Stream object. A remote file (random_name.php) is downloaded upon viewing the email message. This file is actually an HTML file containing a VBS script, and it is detected as VBS/Psyme with the 4306 DATs or greater. When run, this script creates another VBS script (Q.VBS) - again detected as VBS/Psyme - which is responsible for downloading the worm from one of the following IP addresses."
There follows a list of a *lot* of IP addresses.
Also, Bagle.Q tries to kill programs - resident guarding scanners, firewalls and some others.
Be careful!
Last edited by AlrikFassbauer; 21/03/04 11:49 AM.
When you find a big kettle of crazy, it's best not to stir it. --Dilbert cartoon
"Interplay.some zombiefied unlife thing going on there" - skavenhorde at RPGWatch