The Web    Google
11/1: Bagle-BE Worm Opens TCP Port

11/1: Bagle-BE Worm Opens TCP Port
November 1, 2004

Bagle.BE is a worm that opens the TCP port 81 and listens to it, waiting for remote connections. By doing so, Bagle.BE allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work.

Bagle.BE ends processes belonging to security tools, such as antivirus programs. This leaves the affected computer vulnerable to the attack of other malware. In addition, Bagle.BE prevents certain worms, such as several variants of Netsky, from being executed whenever Windows is started. In order to do so, it deletes the entries belonging to these worms from the Windows Registry.

Bagle.BE spreads via e-mail in a message with variable characteristics and through peer-to-peer (P2P) file sharing programs.

Technical details can be found at Panda Software page.

  • Macromedia Patches MX 2004 Security Flaws
  • 9/3: Worm Ends Antivirus Processes
  • 3/24: Rbot-DP an IRC Backdoor Trojan
  • AntiOnline Security Spotlight: CD-Wrecker
  • 1/14: Mugly-F Worm Uses Own SMTP Engine
  • Open Source CVS Flaw Sparks Use Audits
  • 8/20: Rbot-GS Exploits Vulnerabilities
  • 3/11: Rbot-XM Worm Hits Remote Shares
  • Jenny Craig Goes on a No-Spam Diet
  • 11/4: Rbot-OX Worm Has IRC Functions
  • 12/6: Atak-B a Mass-Mailing Worm
  • Compare Security Camera Products