The Web    Google
9/3: Worm Ends Antivirus Processes

9/3: Worm Ends Antivirus Processes
September 3, 2004

Bagle.AY is a worm that ends processes belonging to several antivirus update programs, among other applications.

Bagle.AY spreads via e-mail, in a message with an attached file with a random name and a ZIP extension. This file contains an HTML file, together with a hidden EXE file. This executable file is run when the user opens the HTML file.

Once it has affected the computer, Bagle.AY attempts to download a fake JPG file from several websites. If successful, Bagle.AY will start spreading from the computer.

Technical details are at Panda Software page.

  • 11/16: Agobot-NX an IRC Trojan & Worm
  • Plenty of IM Security Holes Left to Plug
  • 2/7: Agobot-PI Worm Changes Data
  • Locking Up All of That 'Free Information'
  • 10/28: Agobot-NU a Worm and Backdoor
  • 8/20: Rbot-GS Exploits Vulnerabilities
  • 9/7: Rbot-FL a Network Worm, Backdoor Trojan
  • Single Network Identity: Holy Grail or Nightmare?
  • AppRadar Supports Intrusion Detection for Enterprise Databases
  • 'Critical' Security Hole in Real's Helix Server
  • Cisco Warns of Voice Product Security Flaws
  • Security Camera Related Information