Fandom

Computer Security Wiki

Bagle

159pages on
this wiki
Add New Page
Talk0 Share
Bagle
Aliases
  • I-Worm.Bagle.a (Kaspersky Lab)
  • W32/Bagle.a@MM (McAfee)
  • W32.Beagle.A@mm (Symantec)
  • Win32.HLLM.Beagle.15872 (Doctor Web)
  • W32/Bagle-A (Sophos)
  • Win32/Bagle.A@mm (RAV)
  • WORM_BAGLE.A (Trend Micro)
  • Worm/Bagle.A (Avira)
  • W32/Bagle.A@mm (FRISK)
  • Win32:Beagle (ALWIL)
  • Win32.Bagle.A@mm (SOFTWIN)
  • Worm.Bagle.Gen-dll (ClamAV)
  • W32/Bagle.A.worm (Panda)
  • Win32/Bagle.A (Eset)
Type Worm
Affected platform/s Microsoft Windows
Smallwikipedialogo.png Most of this page uses content from Wikipedia. The original article was at Bagle (computer worm).
The list of authors can be seen in the page history. As with Computer Security Wiki, the text of Wikipedia is available under the GNU Free Documentation License.
Remove this template when most of the Wikipedia content has been removed or the Wikipedia information is outnumbered by non-Wikipedia information.
Bagle (also known as Beagle) is a mass-mailing computer worm written in pure assembly and affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variation, Bagle.B is considerably more virulent.

Bagle uses its own SMTP engine to mass-mail itself as an attachment to recipients gathered from the victim computer. It copies itself to the Windows system directory (Bagle.A as bbeagle.exe, Bagle.B as au.exe) and opens a backdoor on TCP port 6777 (Bagle.A) or 8866 (Bagle.B). It does not mail itself to addresses containing strings such as "@hotmail.com", "@msn.com", "@microsoft" or "@avp".

The initial strain, Bagle.A, was first sighted on January 18, 2004. It was not widespread and stopped spreading after January 28, 2004.

The second strain, Bagle.B, was first sighted on February 17, 2004. It was much more widespread and appeared in large quantities; Network Associates rated it a "medium" threat. It is designed to stop spreading after February 25, 2004.

Subsequent variants have later been discovered. Although they have not all been successful, a number remain notable threats.

Since 2004, the threat risk from these variants has been changed to "low" due to decreased prevalence. However you are warned to watch out for said virus, if running Windows.

ReferencesEdit

External linksEdit

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.