The Inquirer-Home

AV firm warns of fresh Bagle variant

High level warning
Thu Jan 27 2005, 10:53
SECURITY FIRM F-Secure said it has issued a level two alert for a variant of Bagle which it said is propagating like crazy across the world.

The firm said Bagle.AT is a polymorphic worm arriving in emails and with a number of different headers.

It's similar to the other Bagles around, and attaches itself to emails as a .EXE file with .com, .exe, .scr and .cpl extensions.

Typical text strings include "delivery service mail", "delivery by mail", "registration is accepted", "is delivered mail" and "you are made active".

Bagle.AT also open a back door to PCs that listens on port 81, and is password encrypted. That allows the author of the worm to connect to PCs and let him or her execute programs. The infected machines are reported to the worm's author. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?