Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||W32.Beagle.C@mm, Bagle.C, W32/Bagle-C, Win32.Bagle.C, WORM_BAGLE.C|
It creates a backdoor that opens TCP port 2745 and notifies its author that the affected computer is reachable through it. It stops functioning after March 14, 2004.
|First detected on:||Feb. 28, 2004|
|Detection updated on:||Jan. 28, 2005|
|Yes, using TruPrevent Technologies
Bagle.C is a worm that spreads via e-mail in a message with variable characteristics, and an attached file that has the same icon as an Excel spreadsheet.
Bagle.C contains a backdoor, which opens the TCP port 2745. It attempts to connect to several web pages that host a PHP script. By doing this, Bagle.C notifies its author that the affected computer can be accessed through the port mentioned above.
In addition, Bagle.C ends the processes belonging to several antivirus update applications.
This worm only runs if the system date is March 14, 2004 or previous. After this date, Bagle.C stops functioning.
Bagle.C is easy to recognize once it has affected the computer, as it opens Notepad the first time it is run.
In addition, it reaches the computer in an e-mail message with an attached file that has the same icon as an Excel spreadsheet.