This Bagle-related downloader appeared on November 23rd, 2005. It
was spammed in e-mails to a large number of people as 1.EXE. As
in previous cases, the downloader was sent inside a ZIP archive.
This is the second Bagle-related downloader in the last 30
minutes.
When the downloader is run, it copies itself to the Windows System
folder as ANTI_TROJ.EXE and creates a startup key for this file in
the Registry. Then the downloader tries to download a file from
several different sites and to activate it.
F-Secure Anti-Virus detects this malware starting from the
following update:
[FSAV_Database_Version]
Version=2005-11-23_04
Writeup:
Alexey Podrezov, November 23rd, 2005;
F-Secure Corporation