W32/Bagle@MM is a Medium Risk mass-mailing worm with a potentially dangerous remote access component. Similar to last summer's Sobig virus, W32/Bagle@MM arrives as an executable attachment inside an email (subject line: "Hi"). When run, the virus checks the system date—if January 28, 2004 or later, the virus simply exits and does not propagate. Otherwise, the virus emails itself to addresses it steals from the infected computer, spoofing the "from: field" with one of the harvested addresses.
Caution: An infected email can come from addresses you recognize and may contain the following information:
What to look for:
From: address may be forged
Subject: Hi
Body: Test =)
(random characters)
--
Test, yep.
Attachment: (random filename) 15,872 bytes
Quelle: http://www.mcafee.com