Welcome to the Virus Encyclopedia of Panda Security.
It opens the TCP port 81 and waits for remote connections. It ends processes belonging to security tools and deletes entries belonging to other worms from the Windows Registry.
|First detected on:||Oct. 29, 2004|
|Detection updated on:||Jan. 14, 2006|
|Yes, using TruPrevent Technologies
Bagle.BE is a worm that opens the TCP port 81 and listens to it, waiting for remote connections. By doing so, Bagle.BE allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work.
Bagle.BE ends processes belonging to security tools, such as antivirus programs. This leaves the affected computer vulnerable to the attack of other malware.
In addition, Bagle.BE prevents certain worms, such as several variants of Netsky, from being executed whenever Windows is started. In order to do so, it deletes the entries belonging to these worms from the Windows Registry.
Bagle.BE spreads via e-mail in a message with variable characteristics and through peer-to-peer (P2P) file sharing programs.
Bagle.BE is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.