Encyclopedia

Bagle.A
Threat LevelDamageDistribution

At a glance Tech details | Solution


Common name:	Bagle.A
Technical name:	W32/Bagle.A.worm
Threat level:	Low
Alias:	W32/Bagle@MM, I-Worm.Bagle, W32.Beagle.A@mm, W32/Bagle-A, Bagle
Type:	Worm
Effects:	It does not have any destructive effects. It spreads via e-mail.
Affected platforms:	Windows 2003/XP/2000/NT/ME/98/95
First detected on:	Jan. 19, 2004
Detection updated on:	April 10, 2006
Statistics	No
Proactive protection:	Yes, using TruPrevent Technologies
Repair utility:	Panda QuickRemover

Brief Description

Bagle.A is a worm without destructive effects that spreads via e-mail in a message with the subject Hi and an attached file with a name that consists of several random characters and has an EXE extension.

Bagle.A runs only if the system date is January 28, 2004 or previous.

Bagle.A attempts to connect to several web pages through the port 6777, in order to update itself and make an inventory of the affected users. However, these web pages have been disabled. In addition, it has code that allows it to download files from the Internet and run them on the affected computer.

Visible Symptoms

Bagle.A is easy to recognize, as it reaches the computer via e-mail in a message with the subject Hi and an attached file with a name that consists of several random characters and has an EXE extension.

The attached file has the same icon as the Windows Calculator:

The first time the attached file is run, the worm runs the Windows Calculator (CALC.EXE file).

Last updated: 10/04/2006

Virus News

3/10/09.-More than 10 Million Worldwide Were Actively Exposed to Identity Theft in 2008

3/5/09.-Cyber-crooks manipulate Internet searches to sell fake antivirus products

3/2/09.-VideoPlay adware infections grew 400% in February through malicious use of Web 2.0 pages

[+ Noticias]

Web Map | Contact Panda Security