Welcome to the Virus Encyclopedia of Panda Security.
Bagle.AC notifies its author that the computer has been affected. It ends processes belonging to several security programs and to several worms.
| First detected on: | May 13, 2004 |
| Detection updated on: | March 15, 2005 |
|Yes, using TruPrevent Technologies
Bagle.AC is a worm that ends processes belonging to antivirus and firewall programs, among other security applications, as well as to several worms.
In addition, Bagle.AC acts as a proxy server, that is, as an intermediary between the computer that establishes a connection (usually belonging to the worm's author) and the site accessed. As a result, the attacking computer goes unnoticed. To carry out these actions, Bagle.AC opens TCP port 14441.
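A defender can check a host for the proxy port described above. The following is an added example, not part of the original encyclopedia entry: it parses Windows `netstat -ano` output and reports sockets whose local TCP port is 14441, with the owning PID and any connected peers. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import re

BAGLE_AC_PORT = 14441  # TCP port the page says Bagle.AC opens for its proxy

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:14441          0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:14441     203.0.113.7:51544      ESTABLISHED     2312
  TCP    192.168.1.20:49788     198.51.100.9:14441     ESTABLISHED     4120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:14441          *:*                                    1500
"""

# proto, local addr:port, foreign addr:port, state, owning PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def find_proxy_sockets(netstat_text, port=BAGLE_AC_PORT):
    """Return TCP rows whose local port is `port`.

    Outbound connections to a remote port 14441 and UDP rows are not matches.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(2)) != port:
            continue
        local_ip, _, remote_ip, _, state, pid = m.groups()
        hits.append({"state": state, "local": local_ip.strip("[]"),
                     "remote": remote_ip.strip("[]"), "pid": int(pid)})
    return hits

def summarize(hits):
    """Per owning PID: is the port open, and which peers are connected to it."""
    by_pid = {}
    for h in hits:
        entry = by_pid.setdefault(h["pid"], {"listening": False, "peers": []})
        if h["state"] == "LISTENING":
            entry["listening"] = True
        else:
            entry["peers"].append(h["remote"])
    return by_pid

if __name__ == "__main__":
    print(summarize(find_proxy_sockets(SAMPLE_NETSTAT)))
```

A listener on this port is a lead to investigate rather than proof of infection; identify the process behind the reported PID before drawing a conclusion.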
In addition, Bagle.AC tries to connect to several web sites that host a PHP script whose purpose is to:
1. Notify its author that the computer has been affected, as well as the affected IP address and the port through which the computer is accessible.
2. Download a file that contains different IP addresses to which the affected computer cannot connect.
Bagle.AC is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.