Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||W32/Bagle@MM, I-Worm.Bagle, W32.Beagle.A@mm, W32/Bagle-A, Bagle|
|Effects:||It does not have any destructive effects. It spreads via e-mail.|
|First detected on:||Jan. 19, 2004|
|Detection updated on:||April 10, 2006|
|Yes, using TruPrevent Technologies
Bagle.A is a worm without destructive effects that spreads via e-mail in a message with the subject Hi and an attached file with a name that consists of several random characters and has an EXE extension.
Bagle.A runs only if the system date is January 28, 2004 or earlier.
Bagle.A attempts to connect to several web pages through port 6777 in order to update itself and make an inventory of the affected users. However, these web pages have been disabled. In addition, it has code that allows it to download files from the Internet and run them on the affected computer.
Bagle.A is easy to recognize, as it reaches the computer via e-mail in a message with the subject Hi and an attached file with a name that consists of several random characters and has an EXE extension.
The attached file has the same icon as the Windows Calculator.
The first time the attached file is run, the worm runs the Windows Calculator (CALC.EXE file).
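The recognition traits described above (subject Hi plus an attachment with an EXE extension) can be checked mechanically on stored or gateway mail. The following Python code is an added example, not code from Panda Security; the sample messages, addresses and function names are constructed for illustration, and it does not try to judge whether the attachment name is random.

```python
from email import message_from_string

# Constructed sample message (not a real capture); the payload is a placeholder.
SUSPECT = """\
From: someone@example.com
To: user@example.org
Subject: Hi
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Test
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="qzkrtbwx.EXE"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Same message with a non-executable attachment, and with a different subject.
BENIGN_ATTACHMENT = SUSPECT.replace("qzkrtbwx.EXE", "report.pdf")
OTHER_SUBJECT = SUSPECT.replace("Subject: Hi", "Subject: Invoice")


def attachment_names(raw):
    """Return the filenames declared by any MIME part of a raw message."""
    msg = message_from_string(raw)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def matches_bagle_a_traits(raw):
    """True when the subject is exactly 'Hi' and an attachment ends in .exe."""
    subject = (message_from_string(raw).get("Subject") or "").strip()
    # Extension comparison is case-insensitive: .EXE and .exe both match.
    has_exe = any(n.lower().endswith(".exe") for n in attachment_names(raw))
    return subject == "Hi" and has_exe


if __name__ == "__main__":
    for label, raw in [("suspect", SUSPECT), ("pdf", BENIGN_ATTACHMENT),
                       ("other subject", OTHER_SUBJECT)]:
        print(label, attachment_names(raw), matches_bagle_a_traits(raw))
```

A match on these two traits alone is a triage signal, since legitimate mail can also carry the subject Hi; it is meant to be combined with antivirus detection of the attachment itself.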