
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Bagle.AD

Threat Level: Moderate threat
Damage: High
Distribution: Not widespread

Common name: Bagle.AD
Technical name: W32/Bagle.AD.worm
Threat level: Low
Alias: I-Worm.Bagle.aa, W32.Beagle.X@mm
Type: Worm

Effects:

It listens on port 1234 and waits for remote connections, notifies its author that the computer has been affected, and deletes entries belonging to other worms from the Windows Registry.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on: July 4, 2004
Detection updated on: July 6, 2004
Statistics: No
Proactive protection: Yes, using TruPrevent Technologies
Country of origin: GERMANY

Brief Description 

    

Bagle.AD is a worm that opens TCP port 1234 and listens on it for remote connections. This allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise the user's confidentiality or impede normal work. This remote access feature will be active until January 25, 2005.

Bagle.AD notifies its author that the computer has been affected through the opened port by connecting to a web site that hosts a PHP script.

In addition, Bagle.AD prevents certain worms, such as several variants of Netsky, from running when Windows starts. To do so, it deletes the entries belonging to these worms from the Windows Registry.

Bagle.AD spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).

Visible Symptoms 

    

Bagle.AD is easy to recognize once it has affected the computer, as it displays the following fake error message on screen: