New Bagle Opens Broad Attack | eWeek

New Bagle Opens Broad Attack

Verfasst von
Jay Munro
Jay Munro
Aug 10, 2004
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

What started as a dribble early on Monday became a fusillade of e-mail messages from countless senders, but all bearing Zip files containing the potentially malicious Bagle.AQmm (aka Bagle.AC) virus.

While still only a medium alert on most virus watch sites, the speed with which the virus has spread and the amount of spam mail it has created frightened users and prompted IT departments to send out e-mails warning users not to open to Zip files. Here are the details on how to recognize and combat this new threat.

Name: W32/Bagle.AQ-mm

Affects: Windows XP/2000/NT/9x/Me/2003 Server

What it does: Bagle.AQ is a mass mailing worm that spreads primarily by e-mail using an JavaScript exploit JS/IllWill, first seen in October 2001. When the HTML file is executed, it executes a companion .EXE file which infects the victims PC by downloading the actual worm code. When it infects, Bagle.AQ harvests e-mail addresses from the victims PC and sends copies of it using its own SMTP engine. The worm also installs a remote access component, opens a backdoor on port 2480, and notifies the attacker. Bagle.AQ attempts to remove registry keys, and stop processes associated with security and antivirus software.

How to prevent it: Do not open attachments. Get the latest updates from your antivirus company. Use a firewall with port 2480 blocked. A mitigating factor may be that the JavaScript exploit has been detectable for several years, which may be caught before the worm can execute.

How to remove it: At this writing, it is unconfirmed that all antivirus companies can detect and clean. McAfee VirusScan detected and cleaned on our test machine once it was infected, as did TrendMicro Housecall. Trend Micros online Housecall, or McAfees Stinger.

Click here to read the full story, including instructions for removing Bagle.AQ manually, at PCMag.com.

Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.