Welcome to the Virus Encyclopedia of Panda Security.
It infects PE files, opens TCP port 2556, downloads a file from the Internet and ends processes belonging to security applications.
|Detection updated on:||Feb. 18, 2007|
|Yes, using TruPrevent Technologies
Bagle.S is a virus with worm characteristics that infects PE files, increasing their size by 26 Kbytes. Bagle.S spreads via email in a message with variable characteristics and through peer-to-peer (P2P) file sharing programs.
Bagle.S opens TCP port 2556 and listens to it.
Bagle.S attempts to connect to several IP addresses, in order to download and run a file on the affected computer.
In addition, Bagle.S ends the processes belonging to several antivirus programs, firewalls and system monitoring tools. It also ends the processes belonging to previous variants of the worms Bagle and Netsky.
Bagle.S is difficult to recognize, as it does not show any messages or warnings that indicate it has reached the computer.