Welcome to the Virus Encyclopedia of Panda Security.
It opens a port and accepts remote connections. It logs information on the affected computer and then sends it via e-mail to its author.
|First detected on:|Sept. 17, 2004|
|Detection updated on:|Sept. 20, 2004|
|Yes, using TruPrevent Technologies
Bagle.BA is a worm that opens port 2050 and waits for remote connections in order to carry out remote control commands.
Bagle.BA logs information on the affected computer, such as system information, user names and passwords of several installed programs, Internet accounts, etc. It then sends the logged information to its creator via e-mail.
Bagle.BA also drops a keylogger, detected by Panda Security as Application/Keyhook.A. It logs the keystrokes entered by the user.
Bagle.BA has been mass-mailed (spammed) in an e-mail message with the subject photo-gallery! =) and an attached file called FOTO.ZIP.
Bagle.BA has been mass-mailed in an e-mail message with the following characteristics:
Sent you my private photos! =)
See you, waiting for your call, Anastasia.
This attached file is compressed in ZIP format and contains the following files:
- FOTO.HTML, detected by Panda Security as JS/Illwill.B.
- A directory called FOTO, which contains the hidden files:
  - EXPANDER.EXE, detected as W32/Bagle.BA.worm.
  - THUMBS.DB, which does not contain malware.
  - PHOTO.JPG, which contains an erotic image.
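The archive layout described above can be checked at a mail gateway or during triage without extracting anything. The following is an added example, not Panda Security's detection logic: it reads a ZIP's central directory, flags executables whose MS-DOS hidden attribute is set, and reports whether the member names match the ones listed here. The function names, the extension list and the sample archive are assumptions made for the illustration.

```python
import io
import zipfile

# Member names taken from the description above; matching is case-insensitive.
ARCHIVE_LAYOUT = {"foto.html", "foto/expander.exe"}
# Assumption: a short list of Windows executable extensions worth flagging.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")
DOS_HIDDEN = 0x02  # MS-DOS "hidden" bit, stored in the low byte of external_attr


def inspect_attachment(data: bytes) -> dict:
    """Inspect one ZIP attachment in memory; nothing is written to disk."""
    findings = {"hidden_executables": [], "matches_described_layout": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set()
        for info in zf.infolist():
            name = info.filename.replace("\\", "/").lower()
            names.add(name)
            hidden = bool(info.external_attr & DOS_HIDDEN)
            if hidden and name.endswith(EXECUTABLE_EXTS):
                findings["hidden_executables"].append(info.filename)
        findings["matches_described_layout"] = ARCHIVE_LAYOUT <= names
    return findings


def build_sample(hidden: bool) -> bytes:
    """Constructed sample: placeholder bytes stored under the listed names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FOTO.HTML", "<html></html>")
        for member in ("FOTO/EXPANDER.EXE", "FOTO/THUMBS.DB", "FOTO/PHOTO.JPG"):
            info = zipfile.ZipInfo(member)
            info.create_system = 0  # MS-DOS/FAT: low byte holds DOS attributes
            info.external_attr = DOS_HIDDEN if hidden else 0
            zf.writestr(info, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_attachment(build_sample(hidden=True)))
```

A hidden executable inside an archive is a useful signal on its own, independent of the file names, since the names are trivial for a sender to change.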