Bagle-AA Moves Maliciously into 3rd Place

September 24, 2004

Bagle-AA continues to move up the ranks of the most malicious malware in the wild, taking the third-place spot in September.

Steve Sundermeier, a vice president with Central Command, an anti-virus company based in Medina, Ohio, puts Bagle-AA in third place on the company's list of the most dangerous bugs on the Internet for September. Central Command reports that the worm makes up 4.31 percent of all virus sightings in the wild at this point. Sophos, Inc., an anti-virus company based in Lynnfield, Mass., ranks the worm slightly lower, in sixth place.

Bagle-AA, also known as Bagle-Z and Bagle-AB, was generally found holding down fifth place or lower on most anti-virus charts this summer. But as we move into fall, the worm has worked its way higher on the infamous list.

Sundermeier characterizes the worm as "very aggressive" and calls it a "medium" threat.

The worm, which was released into the wild on April 28, is just one of the many variants of the Bagle family. When first run, it will display a fake error message containing the text, "Can't find a viewer associated with the file". It then copies itself to the Windows system folder.

Bagle-AA harvests email addresses from cached Web pages and files on local hard drives. The worm has its own SMTP engine.

The worm searches for and deletes personal firewall and anti-virus applications. It also opens a backdoor on Port 2535.
