Signature Detail

WORM: Bagle.AF HTTP Traffic

This signature detects the AF variant of the Bagle SMTP virus. Bagle sends e-mails that contain an attachment with a malicious payload. When the attachment is viewed, the payload uses HTTP to load an external link, which is actually an executable program that infects the target host. The virus then sends a copy of itself to e-mail addresses found on the target's hard drive, using the target's e-mail address as the return address.

Extended Description

Bagle.AF is a worm that infects vulnerable Windows operating systems. It propagates through e-mail using its own Simple Mail Transfer Protocol (SMTP) engine.

References

• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln402.html
• URL: http://secunia.com/virus_information/10683/bagle.af
• URL: http://reviews.cnet.com/4520-6600_7-5127079.html