
	Where results make sense

Topic: Bagle worm

Related Topics

Mydoom

NX instruction

Lycoris

Automobile

Audible audiobook

Belkin

Hp

Gearbox

NX

List of automobile manufacturers

Zinc oxide

CNET

In the News (Wed 16 Dec 09)

Northern Trust

Marvin Harrison

Peter Chernin

Gary Locke

Match Play

Penelope Cruz

Mickey Rourke

AR Rahman

Danny Boyle

Hugh Jackman

	F-Secure Computer Virus Information Pages: Bagle.B
		F-Secure is downgrading the alert level on Bagle worm since it reached its deadline.
		The target of the URLs are PHP files, to which the worm will post information about the infected host, namely the port where the backdoor is listening and a randomly generated ID. Some of those hosts are already unavailable.
		It provides access to the computer where the worm is running, where it allows to download and run any executable sent to the backdoor with a given format.
	www.f-secure.com /v-descs/bagle_b.shtml (420 words)

	TCP Port 2745
		Used by a number of the Bagle / Beagle / Tanx viruses as a backdoor port.
		Bagle is mass-mailing email that besides using your address book, and other information on your computer to email copies of itself too, opens a backdoor on port 2745 which allows a hacker to upload a file and execute it automatically.
		Bagle also attempts to contact a number of web sites informing them of the infection.
	www.linklogger.com /TCP2745.htm (120 words)

	Bagle-A Worm is Spreading Fast
		Discovered on Jan 18th, the Bagle-A worm (also known as Beagle-A) is an easy to recognize, mass mailing virus that is distributed by an e-mail attachment.
		As the first new important worm of the New Year, Bagle appears to have originated in Australia and is set to live only until January 28th, 2004, suggesting that tuned variations of the worm could appear as early next week.
		Another possible factor in the worm's success is the fact the worm's creators programmed the worm to e-mail itself to handful of popular domains to evade swift detection by dominant Web enterprises such as Hotmail, MSN and a large Russian computer security agency.
	www.invisus.com /resource_center/securityalerts/bagle-a.html (390 words)

	The Bagle Worm Family
		The Bagle family of worms is distinguished by innovation.
		Although not as "successful" as other worms of its kind, it can be argued that the earlier Bagle worms reinvented social engineering.
		Bagle was the first worm to attempt to send a copy of itself in a password-protected archive.
	www.aladdin.com /home/csrt/bagle_worm.asp (162 words)

	F-Secure Computer Virus Information Pages: Bagle
		Bagle is a mass-mailing worm that was found on 18th of January, 2004.
		When the worm is started it connects to a list of predefined web servers and tries to access a PHP file with certain parameters.
		One of the parameters is the TCP port where the backdoor is listening which suggests that this functionality is used to collect the addresses of infected computers.
	www.f-secure.com /v-descs/bagle.shtml (735 words)

	New Bagle Worm Is Spreading Its Source Code - Technology News by InformationWeek
		Two new versions of the Bagle worm are loose, and some versions of the worms carry Bagle's unencrypted source code.
		Bagle first hit the Internet in January and for weeks became a weapon in a tit-for-tat hacking squabble between the Netsky worm maker and the Bagle author.
		Bagle is a mass-mailing worm that spreads through E-mail and shared folders, including those used by popular peer-to-peer file-sharing networks such as Kazaa.
	www.informationweek.com /story/showArticle.jhtml?articleID=22103914 (580 words)

	Bagle-A worm moving quickly
		Bagle is a new mass-mailing worm, and it came on strong on Sunday, prompting antivirus software companies to raise threat alerts.
		The worm is also called "Bagel" and "Beagle." The writer has included the word "beagle" throughout the code, but antivirus researchers have tweaked the name to avoid calling it what the writer presumably named it.
		Bagle is such a basic worm in terms of functionality and social engineering that, initially, antivirus researchers expected little from it.
	searchsecurity.techtarget.com /originalContent/0,289142,sid14_gci945056,00.html (1185 words)

	Overview (Site not responding. Last check: 2007-10-31)
		It notifies its author that the affected computer is reachable through the port 8866.
		Bagle.B is a worm that spreads via e-mail in a message with the subject ID ...
		This worm only runs if the system date is February 25, 2004 or previous.
	www.pandasoftware.com /virus_info/encyclopedia/overview.aspx?IdVirus=44777&sind=0 (141 words)

	Bagle Worm Seen As 'Blueprint' For Web Criminals - Security Technology News by TechWeb
		A pair of research reports have explored the long-running Bagle worm and laid out a chronology that points to a professional developer who, like counterparts in the commercial software world, is constantly testing, tweaking, and improving his code for profit, not pride of ownership.
		Although other worm families have spawned more variants than Bagle, the worm was, said Gordon, the first real confirmation that technically-astute, professional-grade developers had moved into writing malware.
		Not only has the author (or authors) of Bagle created numerous variations of the worm, but he (or she, or they) are also behind the Mitglieder family of Trojans.
	www.techweb.com /wire/security/161601776 (1291 words)

	CNN.com - 'Bagle' e-mail worm spreading fast - Jan. 20, 2004
		A new Internet virus was spreading fast throughout Asia, Australia and Europe but computer security experts were divided on the seriousness of the threat from the "Bagle" worm.
		The "Bagle" or "Beagle" worm arrives in an e-mail with the subject "hi" and the word "test" in the message body.
		If the accompanying attachment is executed, the worm is unleashed and tries to send itself to all e-mails listed in the user's address book.
	www.cnn.com /2004/TECH/internet/01/19/bagle.virus.ap/index.html (333 words)

	WORM_BAGLE.AC - Description and solution (Site not responding. Last check: 2007-10-31)
		Unlike earlier BAGLE worms, this particular variant deviates a little from the usual BAGLE propagation routine of directly mass-mailing itself to a list of recipients.
		This worm harvests its target recipients from certain files found in the system, but it noticeably avoids sending email to addresses that contain certain strings.
		Staying true to its "bloodline", this BAGLE worm, like most of its predecessors, continues on with the BAGLE vs NETSKY war by removing autorun registry entries and mutexes associated with the rival worm.
	www.trendmicro.com /vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AC (420 words)

	W32.Beagle.A@mm aka W32/Bagle@mm Worm Characteristics and Removal instructions. - SRN Micro
		When the worm file is executed, it executes standard Windows calculator program (calc.exe) and copies itself to Windows system folder as "bbeagle.exe" in the background.
		Bagle worm uses its own SMTP engine to send infected messages.
		Bagle worm is detected on 18th January 2004.
	www.srnmicro.com /virusinfo/bagle.htm (281 words)

	Bagle.az Worm Spreads Rapidly - Fire Anti-virus Kit
		Bagle.az worm searches C to Z drives and drops infected copy in the file sharing folders.
		This worm is appeared on January 26th 2004.
		Fire has incorporated bagle.az worm in signature file to protect Fire users from this worm attack.
	fireav.com /virusinfo/library/bagleaz.htm (172 words)

	New Bagle worm spreading; source code is revealed (Site not responding. Last check: 2007-10-31)
		The new versions could place copies of the worm's core computer code on thousands of compromised computers -- and that may be a sign that the author or authors of one of the most prolific worms in recent months are feeling the heat from the law, according to one security expert.
		First detected yesterday, the new Bagle versions are almost identical to each other and very similar to earlier variants, which spread through shared file folders and in e-mail messages carrying the worm as an attachment, said Carole Theriault, a security consultant at Sophos.
		While the new variants aren't as virulent as Bagle's earlier versions, the fact that the author or authors decided to distribute the worm's source code is significant, Theriault said.
	www.computerworld.com /printthis/2004/0,4814,94367,00.html (554 words)

	Bagle Worm Mutates and Attacks Again
		The Bagle worm in all its various guises is becoming very difficult to handle for the world's computer users - this is the 43rd variant.
		The worm arrives as an email with a zip attachment, in the hope that some antivirus (AV) software will not scan compressed formats.
		The worm may also password protect the zip file and add the message 'the password is' followed by the password contained in an image file.
	www.asianlaws.org /infosec/archives/08_04_bagle.htm (240 words)

	Bagle worm spawns five siblings - ZDNet UK
		Five new variants of the Bagle worm were released into the wild over the weekend, with two causing particular problems for enterprise antivirus software scanner technology, say experts.
		Bagle versions C, D, E, F and G started propagating over the weekend and although the first three are very similar to the original Bagle -- being spread through email and infecting PCs of users who open the attachment -- Bagle.F and Bagle.G are designed to slip past most enterprise antivirus gateways.
		The Bagle F and G worms are coded to expire on 25 March, 2005.
	news.zdnet.co.uk /security/0,1000000189,39147909,00.htm (515 words)

	Email-Worm.Win32.Bagle.cy
		The worm itself is a Windows PE EXE file 35841 bytes in size.
		The worm may be in the form of an attachment or the email may contain a link to an infected website.
		In the first case the worm will be activated when the user clicks on the attachment.In the second case the worm will be activated when the user clicks on the link leading to the infected site.
	www.networkliquidators.com /webwiz/forum/forum_posts.asp?TID=605&PN=1 (498 words)

	Bagle Worm Resurfaces — More Variants Expected - WinPlanet Windows Software Reviews
		The Bagle family of worms, fairly dormant for the past few months, has spawned a flurry of variants that are kicking up a storm in the wild.
		The worm's author or authors dropped the worm's source code into two of the recently released variants, feeding other virus writers who may want to write and release their own Bagle variant.
		The alleged author of the Netsky worms was arrested in Germany this spring, and most security analysts thought that would bring an end to the string of variants from both Netsky and Bagle.
	www.winplanet.com /article/2455-.htm (575 words)

	New Bagle worm bypasses anti-virus software - B.I.S.S. Forums
		The new worm goes by a number of different names and is very similar to earlier versions of the worm, but also has new features that allow it to trick anti-virus software and content filtering products, said Sam Curry, vice president of e-Trust Security Management at Computer Associates (CA).
		That allows Bagle to masquerade its actions as those of IE, fooling firewall software that may be running on machines it infects and that would block communications to other systems on the Internet from unauthorised applications.
		CA is still analysing Bagle, but Curry believes that the new worm version is spreading, in part, by exploiting a vulnerability in a Windows feature for viewing and opening.zip compressed file archives.
	www.bluetack.co.uk /forums/index.php?showtopic=5222 (554 words)

	NACS - Bagle Worm
		Bagle Worm Announcement from Dana Roode, NACS Director
		If you think that you may be infected with Bagle, and are unsure how to check your system, you may download the Stinger tool to scan your system and remove the virus if present.
		Note: Receiving an e-mail alert stating that the virus came from your e-mail address is not an indication that you are infected as the virus often forges the from address.
	www.oac.uci.edu /security/NACS-BagleBeagleWorm.html (345 words)

	Bagle Worm Mutants Multiplying Fast eWEEK - Find Articles
		Almost a year after the first Bagle worm started squirming through e-mail in-boxes, anti-virus vendors are reporting a new wave of attacks with new propagation techniques.
		Like its predecessors, the worm's backdoor code is password-protected, allowing the worm's author access to connect to the infected computer to execute arbitrary programs.
		The Bagle family of worms was among the top 10 threats for 2004.
	www.findarticles.com /p/articles/mi_zdewk/is_200501/ai_n9473963 (424 words)

	Riding on Open Code, Bagle Worm Returns
		As is typical with variants of the Bagle family of worms, the polymorphic malicious code reaches user inboxes via a spoofed sender e-mail address, with a random subject line taken from a long list of choices and with random message content.
		The Bagle worm contains a Trojan backdoor that allows a remote user to execute arbitrary code on the infected PC, which turns the computer into what is referred to as a Zombie.
		Bagle has been one of the most persistent worms in existence since it first showed up in January of last year.
	www.internetnews.com /dev-news/article.php/3465321 (885 words)

	Win32.Bagle.B
		The worm determines the location of the current System folder by querying the operating system.
		The worm opens port 8866 ready to accept incoming connections from a remote user.
		If the worm is executed on the date 25th of February 2004 or later, the worm simply terminates.
	www3.ca.com /virusinfo/virus.aspx?ID=38323 (384 words)

	Bagle worm turns, spreading quickly - World - www.theage.com.au (Site not responding. Last check: 2007-10-31)
		The worm seemed to have appeared first in Germany, and was this afternoon spreading quickly in Italy, Poland and the UK as well, he said.
		The first variant of the Bagle bug was found on January 18, and is believed to be linked to spammers -- senders of unsolicited bulk email advertisements -- as it retrieved email addresses from the computers it infected.
		The Mydoom Internet worm discovered earlier this month, is the most virulent computer virus so far, having infected up to one million machines worldwide and causing huge delays in the delivery of emails.
	www.theage.com.au /articles/2004/02/18/1076780004419.html (390 words)

	Bagle.a: Prevention and cure - ZDNet UK
		Bagle (Bagle.a@mm) looks like yet another worm designed by spammers, much like Sobig and MiMail.
		When executed, Bagle attempts to email every email address it finds on an infected computer; it will also attempt to download a Trojan horse from a remote site.
		Bagle appears to be the first of a new family of viruses.
	news.zdnet.co.uk /security/0,1000000189,39119238,00.htm (444 words)

	Win32.Bagle.C
		The worm creates a mutex "imain_mutex" to ensure only one copy of the worm is running on the system.
		The worm may listen on TCP port 2745 to accept incoming connections from a remote user.
		If the worm is executed after the date 14th of March 2004, the worm removes the registry key and values it created.
	www3.ca.com /virusinfo/virus.aspx?ID=38426 (390 words)

	W32/Bagle@MM
		The risk assessment of this threat was lowered to Low-Profiled due to a decrease in prevalence.
		AVERT has received a slightly modified sample of this worm, which is detected with the same DATs and Engine as the initial variant.
		This is a mass-mailing worm with a remote access component.
	vil.nai.com /vil/content/v_100965.htm (1262 words)

	New flavor of Bagle worm discovered - IT Security News - SC Magazine ASIA
		A new, unique variety of the Bagle worm are in the wild, several internet security firms warned this week.
		Helsinki-based F-Secure warned PC users that this version of the worm is unique because the malicious website promoted by the virus changes every four minutes.
		The Finnish firm called the worm W32/Bagle.GI, adding that the virus's contents, which encourage PC users to visit the malicious website, keep changing.
	www.scmagazine.com /asia/news/article/550796/new-flavor-bagle-worm-discovered (214 words)

	radware : Worm Bagle.DL
		Bagle.DL is a mass mailing worm that propagates by sending itself as an email attachment using its own SMTP engine, and using copying itself to NetBIOS shares.
		A mass mailing worm is a worm that propagates by sending itself as an email attachment using its own SMTP engine.
		Upon infection, the worm scans for email addresses found on the infected host, which it later uses in order to continue its propagation process.
	www.radware.com /content/security/alerts/alertinfo.asp?alertID=112 (322 words)

	Dr.Web - innovative technologies for information security. Antivirus & antispam protection. / Information
		Worm contains destructive functions: deletes processes, which belong to different computer security systems, and also stops services.
		The list of these web sites is stored in worm body.
		State certificates and awards received by the Dr.Web Anti-virus, as well as the geography of our users are the best evidence of exceptional trust to the products created by the talented Russian programmers.
	info.drweb.com /virus_description/26996 (291 words)

Try your search on: Qwika (all wikis)