
What is Bagle Worm?

Tags: worm bagle virus

Bagle Worm: Definition

Bagle, also referred to as Beagle, is a mass-mailing computer worm that affects Microsoft Windows. The name covers a large family of email worms with many variants. Beagle is notable because several variants arrived in password-protected .zip files, with the password generally contained in the body of the message. The first variant, Bagle.A, did not spread widely. A second variant, Bagle.B, was considerably more virulent.

How Bagle Spreads

Bagle arrives in an email with a spoofed sender line. The alleged sender has an email address with a similar domain name to the recipient's. The subject of the mail is “Hi” and the message is “Test =)”, followed by a series of random characters and ending with “Test, yep.” The attachment name is a string of random letters with a .exe file extension, and its icon mostly looks like the Windows calculator.
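The message traits described above can be checked mechanically at a mail gateway. The following is an added example, not code from the original post: the function name, trait labels and the sample message are constructed for illustration, and “similar domain” is interpreted here as an exact match between sender and recipient domains.

```python
import email
import re
from email import policy

# Constructed sample shaped like the description above; not a real capture.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: Hi
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Test =)
qwkzjvhpxuamd
Test, yep.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="kdjfhwqz.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def domain(header):
    """Domain of the first address in a parsed From/To header, lower-cased."""
    return header.addresses[0].domain.lower() if header and header.addresses else ""

def bagle_traits(raw):
    """Return which of the described Bagle traits a raw RFC 5322 message shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    traits = []
    if domain(msg["From"]) and domain(msg["From"]) == domain(msg["To"]):
        traits.append("sender_domain_matches_recipient")
    if (msg["Subject"] or "").strip() == "Hi":
        traits.append("subject")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().strip() if part else ""
    if body.startswith("Test =)") and body.endswith("Test, yep."):
        traits.append("body")
    names = [a.get_filename() or "" for a in msg.iter_attachments()]
    if any(re.fullmatch(r"[A-Za-z]+\.exe", n, re.I) for n in names):
        traits.append("random_exe_attachment")
    return traits
```

A single trait such as the subject “Hi” is common in legitimate mail, so a filter should act only when several traits appear together.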

After execution, some variants of Bagle check the system date and do nothing if the date is past a specific point (2004.01.28 for Beagle.A). If the clock on the infected computer is wrong and shows a date before the time the worm is supposed to stop running, the worm will still run and continue to spread from that computer.

The worm adds the file bbeagle.exe to the Windows system folder and then launches calc.exe (the Windows Calculator). It then adds the value “d3dupdate.exe = (system folder directory)\bbeagle.exe” to the current user’s registry key that makes programs run automatically when the system starts. It may also add the values “uid = [Random Value]” and “frun = 1” to the registry key HKEY_CURRENT_USER\Software\Windows98.

The worm creates a listening thread on TCP port 6777. If a cracker sends a specially formatted message to the worm via this port, the worm will permit an arbitrary file to be downloaded to the Windows system folder. Bagle also creates a thread that notifies websites of the worm's presence every 10 minutes. It then scans for email addresses in files with the extensions .wab, .txt, .htm, and .html. It will not send itself to the following domains:

  • @microsoft.com
  • @av
  • .r1
  • @hotmail.com
  • @msn.com
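The host artifacts described above (the autorun value, the marker key and the listener on port 6777) lend themselves to a quick triage check. The following is an added example, not code from the original post: it parses constructed `reg export`-style text and `netstat -an`-style output, and it assumes the autorun key mentioned in the text is the per-user `...\CurrentVersion\Run` key.

```python
import re

# Host indicators named in the description above.
RUN_VALUE = "d3dupdate.exe"
DROPPED = "bbeagle.exe"
MARKER_KEY = r"HKEY_CURRENT_USER\Software\Windows98"

# Constructed triage input (registry export text and netstat output); not real captures.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"d3dupdate.exe"="C:\\WINDOWS\\system32\\bbeagle.exe"
[HKEY_CURRENT_USER\Software\Windows98]
"uid"="1A2B3C"
"frun"=dword:00000001
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:6777           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:49152      203.0.113.7:6777       ESTABLISHED
"""

def parse_reg_export(text):
    """Parse .reg export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            current[m.group(1)] = m.group(2).strip('"').replace("\\\\", "\\")
    return keys

def triage(reg_text, netstat_text):
    """Return the Bagle host indicators present in the supplied triage text."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if key.lower().endswith(r"\currentversion\run"):  # assumed autorun key
            if values.get(RUN_VALUE, "").lower().endswith("\\" + DROPPED):
                findings.append("run_value")
        if key.lower() == MARKER_KEY.lower() and {"uid", "frun"} & set(values):
            findings.append("marker_key")
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "TCP" and cols[3] == "LISTENING" and cols[1].endswith(":6777"):
            findings.append("listener_6777")
    return findings
```

Only a local socket in the LISTENING state on port 6777 is flagged; an outbound connection to a remote port 6777, as in the second sample line, is not.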

Variants of Bagle Worm

  • DW
    A few variants, including Bagle.DW, try to make victims believe that they are being accused of being a phisher or criminal spammer, and that the attachment holding the worm contains alleged proof of their crime.
  • P
    The Bagle.P variant, along with a few others, can infect computers without an attachment file in its email. It comes with an ActiveX control that creates and runs a VBScript on the system, which downloads and executes the worm from one of a list of IP addresses.

Use a Good Virus Protection Software to Remove and Prevent Bagle Worms

To help detect these worms, antivirus firms have advised customers to update their antivirus software. Comodo Antivirus is strong enough to withstand malware attacks and virus threats, and it is also granular enough to scan all suspicious processes and files hiding deep inside a computer. Comodo’s free cloud-based virus scanning technology is quick and also auto-updates on its own to prevent infections from the latest virus varieties. With Comodo antivirus as your PC shield, you can trust only those files that have been verified to access your system while keeping all harmful programs at a distance.

Comodo’s virus protection technology has successfully proved its potential for battling virus threats via tried-and-tested methods. Infection Defense blocks the access of doubtful programs at all serious checkpoints, while the Auto-Sandbox Technique is capable of isolating potentially harmful programs in a restricted environment without allowing them to affect your workflow. Comodo’s Defense technology isolates any strange and potentially hazardous file to run within the Sandbox environment. The Sandbox Technology allows the user to continue working without any hindrance while treating the threats in a quarantined zone.

This predictive feature available with the Comodo virus protection software gives it a competitive edge over various other security software, most of which can detect only known threats. As the best virus removal software, Comodo Antivirus is available with the following features:

  • Potential to block zero-day exploits
  • Automatically scan all files entering the computer via the network
  • Automatically scan all downloaded files from other sources
  • An easy-to-use dashboard for complete control over the features
  • Utilize a cloud-based scanning service for improved efficiency
  • Deliver proactive protection against different types of malware
  • Provide real-time protection against different types of malware and infiltration attempts
  • Ensure a secure connection to the internet
  • Potential to detect different types of suspicious files and automatically block their activity
  • Ability to instantly remove or quarantine the malware
  • Maintain a virus definition database with signatures of the most recent malware
  • Ability to identify different types of malware (scareware, ransomware, spyware, worms, viruses, Trojans, keyloggers, adware, and rootkits).

The post What is Bagle Worm? appeared first on Comodo Antivirus Blogs | Anti-Virus Software Updates.


