Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Bagle.AM
Technical name:W32/Bagle.AM.worm
Threat level:Medium
Alias:W32/!zip, WORM_BAGLE.AC,, W32/

It opens a TCP, it ends processes belonging to antivirus update programs, among others, and it attempts to download a fake JPG file from several websites. It spreads via email and through P2P programs.

Affected platforms:

Windows XP/2000/NT/ME/98/95

First detected on:Aug. 9, 2004
Detection updated on:Nov. 5, 2004
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover

Brief Description 


Bagle.AM is a worm that opens a TCP port and listens to it, allowing remote access to the affected computer. It also ends processes belonging to several antivirus update programs, among other applications, and it attempts to download a fake JPG file from several websites.

Bagle.AM spreads via email, in a message containing an attached file with a random name and a ZIP extension. This file contains an HTML file and a hidden EXE file, which is run when the user opens the HTML file.

Additionally, Bagle.AM also spreads through peer-to-peer (P2P) file sharing programs.

Visible Symptoms 


Bagle.AM is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

However, when Bagle.AM spreads via email, it reaches the computer in a message with the following characteristics:

  • Subject: it is empty.
  • Message:
    new price
  • Attachments:
    The attached file has a random name and a ZIP extension, which contains an HTML file and a hidden EXE file.