Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Bagle.BA

Threat Level: High threat | Damage: Severe | Distribution: Not widespread
Common name: Bagle.BA
Technical name: W32/Bagle.BA.worm
Threat level: Medium
Type: Worm
Effects:

It opens a port and accepts remote connections. It logs information on the affected computer and then sends it via e-mail to its author.

Affected platforms:

Windows XP/2000/NT/ME/98/95

First detected on: Sept. 17, 2004
Detection updated on: Sept. 20, 2004
Statistics: No
Proactive protection: Yes, using TruPrevent Technologies

Brief Description 

    

Bagle.BA is a worm that opens port 2050 and waits for remote connections in order to carry out remote control commands.

Bagle.BA logs information on the affected computer, such as system information, user names and passwords of several installed programs, Internet accounts, etc. It then sends the logged information to its creator via e-mail.

Bagle.BA also drops a keylogger, detected by Panda Security as Application/Keyhook.A. It logs the keystrokes entered by the user.

Bagle.BA has been mass-mailed (spammed) in an e-mail message with the subject photo-gallery! =) and an attached file called FOTO.ZIP.


Visible Symptoms 

    

Bagle.BA has been mass-mailed in an e-mail message with the following characteristics:

  • Sender:
    anastford@hotmail.com
  • Subject:
    photo-gallery! =)
  • Message:
    Hello!
    Sent you my private photos! =)
    See you, waiting for your call, Anastasia.
  • Attachments:
    FOTO.ZIP
    This attached file is compressed in ZIP format and contains the following files:
    - FOTO.HTML, detected by Panda Security as JS/Illwill.B.
    - A directory called FOTO, which contains the hidden files:
      - EXPANDER.EXE, detected as W32/Bagle.BA.worm.
      - THUMBS.DB, which does not contain malware.
      - PHOTO.JPG, which contains an erotic image.
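
The message characteristics listed above can be turned into a mail-gateway triage check. The following is an added example, not Panda Security code: it matches a raw message against the subject, attachment name and archive layout given on this page. The function names and the case-insensitive comparison are assumptions, and the sample message is constructed with placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Indicators taken from the description above (compared case-insensitively, an assumption).
SUBJECT = "photo-gallery! =)"
ATTACHMENT = "foto.zip"
ARCHIVE_MEMBERS = {"foto.html", "foto/expander.exe"}


def zip_members(data):
    """Return lower-cased member names using '/' separators; empty set if not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return {n.replace("\\", "/").lower() for n in zf.namelist()}
    except zipfile.BadZipFile:
        return set()


def match_bagle_ba(raw):
    """Return which of this page's indicators a raw RFC 822 message matches."""
    msg = message_from_bytes(raw)
    hits = []
    if (msg.get("Subject") or "").strip() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name != ATTACHMENT:
            continue
        hits.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        if ARCHIVE_MEMBERS <= zip_members(payload):
            hits.append("archive-layout")
    return hits


def build_sample(subject, members):
    """Constructed test message: harmless placeholder bytes stand in for the real files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for m in members:
            zf.writestr(m, b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="FOTO.ZIP")
    return msg.as_bytes()
```

The attachment name alone is a weak signal; the archive layout combined with the subject is the stronger match, so a gateway would normally quarantine only when several indicators are returned.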