Bagle-AA Called 'Very Aggressive'
Though it's still spreading in the wild, Bagle-AA didn't become more dangerous over the past week. Steve Sundermeier, a vice president at Central Command, an anti-virus and consulting company based in Medina, Ohio, explains that Bagle-AA moved up the charts largely because Sasser has moved down the list.
Sundermeier, though, characterizes the worm as "very aggressive" and says it's a "medium" threat.
The worm, which was released into the wild on April 28, is just one of the many variants of the Bagle family. When first run, it will display a fake error message containing the text, "Can't find a viewer associated with the file." It then copies itself to the Windows system folder.
Bagle-AA harvests email addresses from cached Web pages and files on local hard drives. The worm has its own SMTP engine.
The worm searches for and deletes personal firewall and anti-virus applications. It also opens a backdoor on Port 2535.
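For responders triaging a host, the two network behaviors described above (a backdoor on port 2535 and a built-in SMTP engine) can be checked together from `netstat -ano` output. The following is an added example, not part of the original article: it flags sockets bound to local port 2535 and reports whether the owning process also holds outbound connections to port 25. It assumes the backdoor is TCP (the article gives only the port number), and the netstat sample, addresses and PIDs are constructed.

```python
import re

BACKDOOR_PORT = 2535  # port the article attributes to the Bagle-AA backdoor (TCP assumed)

# Constructed sample of Windows `netstat -ano` output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2535           0.0.0.0:0              LISTENING       1972
  TCP    10.0.0.5:2535          10.0.0.9:4410          ESTABLISHED     1972
  TCP    10.0.0.5:1042          192.0.2.10:25          ESTABLISHED     1972
  TCP    10.0.0.5:3021          198.51.100.7:2535      ESTABLISHED     640
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:2535           *:*                                    1100
"""

# UDP rows have no State column, so that group is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def port_of(endpoint):
    """Port of 'addr:port' or '[v6]:port'; None for wildcard endpoints like '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def parse_rows(text):
    """Yield (proto, local, remote, state, pid) for each socket row; skip headers."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            yield proto, local, remote, state or "", int(pid)

def find_backdoor_sockets(text, port=BACKDOOR_PORT):
    """TCP sockets whose LOCAL port matches; a remote port match alone is ignored."""
    return [(state, local, remote, pid)
            for proto, local, remote, state, pid in parse_rows(text)
            if proto == "TCP" and port_of(local) == port
            and state in ("LISTENING", "ESTABLISHED")]

def pids_also_sending_smtp(text, pids):
    """Subset of `pids` that also hold an established connection to remote port 25."""
    return sorted({pid for proto, _, remote, state, pid in parse_rows(text)
                   if pid in pids and proto == "TCP"
                   and state == "ESTABLISHED" and port_of(remote) == 25})

if __name__ == "__main__":
    hits = find_backdoor_sockets(SAMPLE_NETSTAT)
    print(hits, pids_also_sending_smtp(SAMPLE_NETSTAT, {h[3] for h in hits}))
```

A hit here is only a lead: confirm the owning process by PID before treating the host as infected, since any other software can bind the same port.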
This article first appeared on eSecurity Planet.