New Bagle Opens Broad Attack

Written By
Jay Munro
Aug 10, 2004

What started as a dribble early on Monday became a fusillade of e-mail messages from countless senders, all bearing Zip files containing the potentially malicious Bagle.AQ-mm (aka Bagle.AC) virus.

While it is still only a medium alert on most virus watch sites, the speed with which the virus has spread and the amount of spam mail it has created have frightened users and prompted IT departments to send out e-mails warning users not to open Zip files. Here are the details on how to recognize and combat this new threat.

Name: W32/Bagle.AQ-mm

Affects: Windows XP/2000/NT/9x/Me/2003 Server

What it does: Bagle.AQ is a mass-mailing worm that spreads primarily by e-mail using a JavaScript exploit, JS/IllWill, first seen in October 2001. When the HTML file is executed, it executes a companion .EXE file, which infects the victim's PC by downloading the actual worm code. Once it has infected the PC, Bagle.AQ harvests e-mail addresses from it and sends copies of itself using its own SMTP engine. The worm also installs a remote access component, opens a backdoor on port 2480, and notifies the attacker. Bagle.AQ attempts to remove registry keys and stop processes associated with security and antivirus software.

How to prevent it: Do not open attachments. Get the latest updates from your antivirus company. Use a firewall with port 2480 blocked. A mitigating factor may be that the JavaScript exploit has been detectable for several years, so it may be caught before the worm can execute.
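The two network behaviors described above (a listener on port 2480 and mail sent through the worm's own SMTP engine) can be checked on a host from its connection table. The following is an added example, not part of the original article: it assumes Windows `netstat -ano` output as input, uses a constructed sample, and the function names and the `mail_server_ips` allowlist are hypothetical.

```python
import re

BACKDOOR_PORT = 2480   # backdoor port named in the article
SMTP_PORT = 25         # the worm mails itself with its own SMTP engine

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2480           0.0.0.0:0              LISTENING       1632
  TCP    192.168.1.20:1045      203.0.113.25:25        ESTABLISHED     1632
  TCP    192.168.1.20:1046      198.51.100.7:25        SYN_SENT        1632
  TCP    192.168.1.20:1050      192.168.1.5:445        ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    712
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_netstat(text):
    """Return TCP rows as dicts; the header and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"laddr": laddr, "lport": int(lport), "raddr": raddr,
                         "rport": int(rport), "state": state, "pid": int(pid)})
    return rows


def find_indicators(rows, mail_server_ips=()):
    """Report listeners on the backdoor port and direct outbound SMTP, by PID."""
    listeners = sorted({r["pid"] for r in rows
                        if r["state"] == "LISTENING"
                        and r["lport"] == BACKDOOR_PORT})
    smtp = {}
    for r in rows:
        # SMTP to hosts other than the site's own relay is unusual for a
        # workstation, but a legitimate mail client would show up here too.
        if r["rport"] == SMTP_PORT and r["raddr"] not in mail_server_ips:
            smtp.setdefault(r["pid"], set()).add(r["raddr"])
    return {"backdoor_listener_pids": listeners,
            "direct_smtp": {p: sorted(a) for p, a in smtp.items()},
            "pids_with_both": [p for p in listeners if p in smtp]}


if __name__ == "__main__":
    print(find_indicators(parse_netstat(SAMPLE_NETSTAT)))
```

A process that appears in `pids_with_both` matches both behaviors and is the first one to investigate; either finding alone can have a benign explanation.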

How to remove it: At this writing, it is unconfirmed that all antivirus companies can detect and clean it. McAfee VirusScan detected and cleaned it on our test machine once it was infected, as did Trend Micro Housecall. Trend Micro's online Housecall, or McAfee's Stinger.

Click here to read the full story, including instructions for removing Bagle.AQ manually, at PCMag.com.

Check out eWEEK.com's Security Center at http://security.eweek.com for the latest security news, reviews and analysis.
