The Web    Google
Bagle-AA Moves Maliciously into 3rd Place

Bagle-AA Moves Maliciously into 3rd Place
September 24, 2004

Bagle-AA continues to move up the ranks of the most malicious malware in the wild, taking the third-place spot in September.

Steve Sundermeier, a vice president with Central Command, an anti-virus company based in Medina, Ohio, puts Bagle-AA in third place on its list of the most dangerous bugs on the Internet for September. Central Command reports that it makes up 4.31 percent of all virus sitings in the wild at this point. Sophos, Inc., an anti-virus company based in Lynnfield, Mass., ranks the worm slightly lower, in sixth place.

Bagle-AA, also known as Bagle-Z and Bagle-AB, was generally found holding down fifth place or lower on most anti-virus charts this summer. But as we move into fall, the worm has worked its way higher on the infamous list.

Sundermeier characterizes the worm as ''very aggressive'' and calls it a 'medium' threat.

The worm, which was released into the wild on April 28, is just one of the many variants of the Bagle family. When first run, it will display a fake error message containing the text, ''Can't find a viewer associated with the file''. It then copies itself to the Windows system folder.

Bagle-AA harvests email addresses from cached Web pages and files on local harddrives. The worm has its own SMTP engine.

The worm searches for and deletes personal firewall and anti-virus applications. It also opens a backdoor on Port 2535.

  • FTC Seeks Court Order Against "Do Not Call" Web Site
  • NIKSUN offers a security camera for your network
  • 1/18: Zar Worm Sends Tsunami Email
  • Understanding and Preventing DDoS Attacks
  • 5/17: Mytob-CH a Mass-Mailing Worm
  • 2/25: Randex-CST Worm Targets Passwords
  • ChoicePoint Stops Selling Some of Your Info
  • 3/21: Sumon-C an IM and P2P Worm
  • 4/15: Sdbot-XC Worm Targets Passwords
  • Secure Your Network Against Viruses, Spam
  • 9/22: Agobot-XJ Worm Exploits Mic Flaws
  • Security Camera News