Computer Security Wiki
Bagle
Aliases
  • I-Worm.Bagle.a (Kaspersky Lab)
  • W32/Bagle.a@MM (McAfee)
  • W32.Beagle.A@mm (Symantec)
  • Win32.HLLM.Beagle.15872 (Doctor Web)
  • W32/Bagle-A (Sophos)
  • Win32/Bagle.A@mm (RAV)
  • WORM_BAGLE.A (Trend Micro)
  • Worm/Bagle.A (Avira)
  • W32/Bagle.A@mm (FRISK)
  • Win32:Beagle (ALWIL)
  • Win32.Bagle.A@mm (SOFTWIN)
  • Worm.Bagle.Gen-dll (ClamAV)
  • W32/Bagle.A.worm (Panda)
  • Win32/Bagle.A (Eset)
Type: Worm
Affected platform/s: Microsoft Windows
Most of this page uses content from Wikipedia. The original article was at Bagle (computer worm).
The list of authors can be seen in the page history. As with Computer Security Wiki, the text of Wikipedia is available under the GNU Free Documentation License.

Bagle (also known as Beagle) is a mass-mailing computer worm written in pure assembly and affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variant, Bagle.B, is considerably more virulent.

Bagle uses its own SMTP engine to mass-mail itself as an attachment to recipients gathered from the victim computer. It copies itself to the Windows system directory (Bagle.A as bbeagle.exe, Bagle.B as au.exe) and opens a backdoor on TCP port 6777 (Bagle.A) or 8866 (Bagle.B). It does not mail itself to addresses containing strings such as "@hotmail.com", "@msn.com", "@microsoft" or "@avp".
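The file names and backdoor ports described above can be turned into a simple host triage check. The following is an added example, not part of the original article: the function names, the default system directory path and the sample `netstat -an` rows and file paths are constructed assumptions.

```python
import ntpath
import re

# Indicators from the description above: file dropped in the Windows
# system directory and the backdoor's listening TCP port, per variant.
INDICATORS = {
    "Bagle.A": {"file": "bbeagle.exe", "port": 6777},
    "Bagle.B": {"file": "au.exe", "port": 8866},
}
# A listening TCP row of Windows `netstat -an` output (IPv4 or IPv6).
LISTEN_ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\b", re.I)

# Constructed sample input, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8866           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1042          10.0.0.9:6777          ESTABLISHED
"""
SAMPLE_FILES = [r"C:\WINDOWS\system32\AU.EXE", r"C:\Temp\bbeagle.exe"]


def listening_ports(netstat_text):
    """Return the set of local TCP ports in LISTENING state."""
    matches = (LISTEN_ROW.match(line) for line in netstat_text.splitlines())
    return {int(m.group(1)) for m in matches if m}


def triage(netstat_text, file_paths, system_dir=r"C:\Windows\System32"):
    """Map each variant to the indicators found; system_dir is an assumed default."""
    ports = listening_ports(netstat_text)
    # Windows paths are case-insensitive, so compare normalised forms.
    sysdir = ntpath.normcase(ntpath.normpath(system_dir))
    norm = [ntpath.normcase(ntpath.normpath(p)) for p in file_paths]
    in_sysdir = {ntpath.basename(p) for p in norm if ntpath.dirname(p) == sysdir}
    findings = {}
    for variant, ioc in INDICATORS.items():
        hits = []
        if ioc["file"] in in_sysdir:
            hits.append("file:" + ioc["file"])
        if ioc["port"] in ports:
            hits.append("port:%d" % ioc["port"])
        if hits:
            findings[variant] = hits
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT, SAMPLE_FILES))
```

A port or file name match on its own is a weak signal, since other software can use the same port or name; a host showing both indicators for one variant deserves a full antivirus scan.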

The initial strain, Bagle.A, was first sighted on January 18, 2004. It was not widespread and stopped spreading after January 28, 2004.

The second strain, Bagle.B, was first sighted on February 17, 2004. It was much more widespread and appeared in large quantities; Network Associates rated it a "medium" threat. It was designed to stop spreading after February 25, 2004.

Further variants were discovered later. Although not all of them have been successful, a number remain notable threats.

Since 2004, the threat risk from these variants has been changed to "low" due to decreased prevalence. However, anyone running Windows should still watch out for the worm.
