Though it's still spreading in the wild, Bagle-AA didn't become more dangerous over the past week. Steve Sundermeier, a vice president at Central Command, an anti-virus and consulting company based in Medina, Ohio, explains that Bagle-AA moved up the charts largely because Sasser has moved down the list.
Sundermeier, though, characterizes the worm as ''very aggressive'' and says it's a 'medium' threat.
Bagle-AA harvests email addresses from cached Web pages and files on local harddrives. The worm has its own SMTP engine.
The worm searches for and deletes personal firewall and anti-virus applications. It also opens a backdoor on Port 2535.
This article first appeared on eSecurity Planet.