Welcome to the Virus Encyclopedia of Panda Security.
It opens TCP port 2556, downloads a file from the Internet and ends processes belonging to security applications.
|Detection updated on:||April 15, 2004|
|Yes, using TruPrevent Technologies
Bagle.R is a worm that opens TCP port 2556 and listens to it.
Bagle.R spreads via e-mail in a message with variable characteristics and through peer-to-peer (P2P) file sharing programs.
Bagle.R attempts to connect to several IP addresses, in order to download and run a file on the affected computer.
In addition, Bagle.R ends processes belonging to several antivirus programs, firewalls and system monitoring tools. It also ends the processes belonging to previous variants of the worms Bagle and Netsky.
Bagle.R is difficult to recognize, as it does not show any messages or warnings that indicate it has reached the computer.