Goldun.IL is a Trojan, which is a password stealer that tries to capture the e-gold payment details of the affected user. To do this, it goes memory resident on computers without carry out any actions until it detects that the user has accessed the e-gold web page. When this happens, it captures the passwords typed and sends them to another computer. The author of this code can collect the details from this computer and carry out operations with the user's account.

Goldun.IL has been spread through spamming techniques. It has been mass-mailed in a file attached to an email message. The message carrying the malicious file containing Goldun.IL encourages the user to install a Service Pack that supposedly blocks Trojans that try to steal e-gold details.

HarBag.A collects email address to which to send the Bagle worm. To do this, it looks for 28 types of files and scans them for email addresses. These file types are files that usually contain email addresses, such as the Windows Address Book, database, temporary Internet files, etc.

After collecting the addresses, it sends them to a server where all the information is centralized. A curious feature of HarBag.A is that it only runs once on each computer, so that the hacker that receives the email addresses collected does not receive the same addresses twice.

.