Bagle-AA Called 'Very Aggressive'

Jun 9, 2004

Sharon Gaudin

The worm, also identified as Bagle-AB and Bagle-Z, was ranked just last week in eighth and ninth place in two separate vendor lists of top threats for May. But this week, the worm, which spreads through email, has moved up into the Top 5.

Though it's still spreading in the wild, Bagle-AA didn't become more dangerous over the past week. Steve Sundermeier, a vice president at Central Command, an anti-virus and consulting company based in Medina, Ohio, explains that Bagle-AA moved up the charts largely because Sasser has moved down the list.

Sundermeier, though, characterizes the worm as "very aggressive" and says it's a 'medium' threat.

The worm, which was released into the wild on April 28, is just one of the many variants of the Bagle family. When first run, it will display a fake error message containing the text, "Can't find a viewer associated with the file." It then copies itself to the Windows system folder.

Bagle-AA harvests email addresses from cached Web pages and files on local hard drives. The worm has its own SMTP engine.

The worm searches for and deletes personal firewall and anti-virus applications. It also opens a backdoor on Port 2535.

This article first appeared on eSecurity Planet.

