WW32/BAGLE@MM harvests addresses from local files and allows hackers to upload programs to infected PCs. An internet worm that can enable hackers to take control of infected PCs is spreading around the world. The worm, W32/BAGLE@MM, also known as Bagle, harvests addresses from local .wab, .txt, .htm, and .html files. Antivirus company Sophos said it has received “many” reports of the worm, which sends itself to addresses taken from files on the hard disk. “The worm spoofs the ‘from’ field in emails it sends, which means it may appear to have come from someone you know,” the company said in a statement. The worm includes a back door component that listens on TCP port 6777. This allows an attacker to upload and execute arbitrary programs on infected computers. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.