Welcome to the Virus Encyclopedia of Panda Security.
It opens the TCP port 80 and waits for remote connections. It sends a copy of the Trojan Mitglieder.BO to e-mail addresses contained in a file that it downloads from the Internet. It is downloaded to the affected computer by Mitglieder.BO itself.
|First detected on:||March 1, 2005|
|Detection updated on:||March 1, 2005|
|Yes, using TruPrevent Technologies
Bagle.BN is a worm that opens the TCP port 80 and listens to it, waiting for remote connections. By doing so, Bagle.BN allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work.
Bagle.BN sends a copy of the Trojan detected as Trj/Mitglieder.BO to all the e-mail addresses contained in the file EML.EXE, which it downloads from a certain web page.
In addition, Bagle.BN prevents certain worms, such as several variants of Netsky, from being executed whenever Windows is started. In order to do so, it deletes the entries belonging to these worms from the Windows Registry.
Bagle.BN is downloaded to the affected computer by Mitglieder.BO.
Bagle.BN is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.