F-Secure Downloader Information Pages : Bagle.EX

This Bagle-related downloader appeared on December 15th, 2005. It was spammed in e-mails to a large number of people as S3700020.EXE. As in previous cases, the downloader was sent inside a ZIP archive.
When the downloader is run, it copies itself as ANTI_TROJ.EXE to the Windows System folder and creates a startup key for this file in the Registry. The downloader then tries to download a file from several different sites and activate it.
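The behaviour chain described above (self-copy into the System folder, a startup key, then downloads from several sites) can be correlated per host in endpoint telemetry. The following Python is an added example, not F-Secure's code: the event schema, host names and example domains are constructed, and treating the "startup key" as a Run key is an assumption, since the page does not name the key.

```python
import ntpath

# File names come from the write-up; the event schema is constructed for this example.
SPAMMED_NAME = "S3700020.EXE"
DROPPED_NAME = "ANTI_TROJ.EXE"
RUN_KEY = r"\currentversion\run"   # assumed: the page only says "a startup key"

def find_infected_hosts(events, min_sites=2):
    """Return hosts showing copy -> autostart -> multi-site download, in that order."""
    seen = {}  # host -> {"copy": bool, "autostart": bool, "sites": set()}
    for ev in events:  # events are assumed to be sorted by time
        st = seen.setdefault(ev["host"], {"copy": False, "autostart": False, "sites": set()})
        if ev["kind"] == "file_create":
            folder, name = ntpath.split(ev["path"].upper())
            if name == DROPPED_NAME and folder.endswith(("\\SYSTEM32", "\\SYSTEM")):
                st["copy"] = True
        elif ev["kind"] == "reg_set":
            if st["copy"] and RUN_KEY in ev["key"].lower() and DROPPED_NAME in ev["data"].upper():
                st["autostart"] = True
        elif ev["kind"] == "net_connect":
            image = ntpath.basename(ev["image"]).upper()
            if st["autostart"] and image in (SPAMMED_NAME, DROPPED_NAME):
                st["sites"].add(ev["dest"].lower())
    return sorted(h for h, st in seen.items() if len(st["sites"]) >= min_sites)

# Constructed sample telemetry (not real logs); destinations use reserved example domains.
SAMPLE_EVENTS = [
    {"host": "ws-01", "kind": "file_create", "path": r"C:\WINDOWS\system32\ANTI_TROJ.EXE"},
    {"host": "ws-01", "kind": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "data": r"C:\WINDOWS\system32\anti_troj.exe"},
    {"host": "ws-01", "kind": "net_connect", "image": r"C:\Temp\S3700020.EXE", "dest": "site-a.example"},
    {"host": "ws-01", "kind": "net_connect", "image": r"C:\Temp\S3700020.EXE", "dest": "site-b.example"},
    # Same file name outside the System folder and no autostart: should not be flagged.
    {"host": "ws-02", "kind": "file_create", "path": r"C:\Users\bob\Desktop\ANTI_TROJ.EXE"},
    {"host": "ws-02", "kind": "net_connect", "image": r"C:\Users\bob\Desktop\ANTI_TROJ.EXE", "dest": "site-a.example"},
    # Autostart entry for an unrelated program: should not be flagged.
    {"host": "ws-03", "kind": "reg_set",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "data": r"C:\Program Files\App\app.exe"},
]

if __name__ == "__main__":
    print(find_infected_hosts(SAMPLE_EVENTS))
```

Requiring all three stages in order keeps a stray file with the same name, or an unrelated autostart entry, from raising an alert on its own.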
Technical Details: Alexey Podrezov, December 15, 2005
F-Secure Corporation