Bagle (computer worm)
From Wikipedia, the free encyclopedia
- This article is about the computer worm. For the bread product, see Bagel.
Bagle (also known as Beagle) is a mass-mailing computer worm written in pure assembly and affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variation, Bagle.B is considerably more virulent.
Bagle uses its own SMTP engine to mass-mail itself as an attachment to recipients gathered from the victim computer. It copies itself to the Windows system directory (Bagle.A as bbeagle.exe, Bagle.B as au.exe) and opens a backdoor on TCP port 6777 (Bagle.A) or 8866 (Bagle.B). It does not mail itself to addresses containing strings such as "@hotmail.com", "@msn.com", "@microsoft" or "@avp".
The initial strain, Bagle.A, was first sighted on January 18, 2004. It was not widespread and stopped spreading after January 28, 2004.
The second strain, Bagle.B, was first sighted on February 17, 2004. It was much more widespread and appeared in large quantities; Network Associates rated it a "medium" threat. It is designed to stop spreading after February 25, 2004.
Subsequent variants have later been discovered. Although they have not all been successful, a number remain notable threats.
Since 2004, the threat risk from these variants has been changed to "low" due to decreased prevalence.
