[24hoursupport] W32/Bagle-mm spreading rapidly

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: 24hoursupport@xxxxxxxxxxxxx
  • Date: Mon, 19 Jan 2004 15:58:33 -0800

There is a new virus making the rounds this week;
its Subject is "Hi". Please use caution with your email.

Try to find a more descriptive keyword.

From: VirusEye@xxxxxxxxxxxxxxx
Subject: MessageLabs Intelligence virus alert: W32/Bagle-mm, HIGH LEVEL

W32/Bagle-mm spreading rapidly

During 18th and 19th January 2004, MessageLabs, the email security
company, intercepted a significant number of copies of a new virus known
as W32/Bagle-mm. The majority of intercepted copies have been sent from

Name:  W32/Bagle-mm  

Aliases:  I-Worm.Bagle, W32/Bagle@MM, W32.Beagle.A@mm, 
W32/Bagle-A, Bagle, WORM_BAGLE.A


The worm arrives as an attachment to an email and has a random filename,
with a .exe extension.

W32/Bagle-mm searches the infected machine for email addresses and then
uses its own SMTP engine to send itself to the addresses found.

Email Characteristics

Subject: Hi
Text:   Test =)
Attached file: <random name>.exe 

The attached file may appear as a calculator icon. 
The worm deliberately launches the Calculator application as a disguise. 

W32/Bagle-A copies itself to bbeagle.exe in the Windows system folder and
sets the following registry entry to ensure the worm is run at logon: 


The worm also sets the following registry entries: 


W32/Bagle-A includes a backdoor component which listens on TCP port 6777. 
This allows an attacker to upload and execute arbitrary programs on infected

From: F-Secure

Detailed technical description of the worm as well as screenshots are
available in the F-Secure Virus Description Database at


Special Disinfection Tool 

F-Secure has developed a special disinfection tool for this worm. 
The tool will detect and remove an active Bagle infection from the

The Bagle removal tool can be downloaded in a ZIP file from: 



From: Panda

Panda Software offers all users its free PQREMOVE application,
designed to effectively clean any computer affected by Bagle.A.

This tool can be downloaded from the following address:
**  http://www.pandasoftware.com/download/utilities/  **

More information:
Computer Associates




Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
A Technical Support Alliance & OWTA Charter Member 
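
A mail-filter check for the message traits listed in the alert (subject "Hi", body "Test =)", a .exe attachment), as an added example that is not part of the original post or of any vendor's tool. The function names, the case-insensitive matching and the two sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Message traits taken from the alert text; compared case-insensitively (assumption).
BAGLE_SUBJECT = "hi"
BAGLE_BODY = "test =)"
ALL_TRAITS = {"subject", "body", "exe-attachment"}

def bagle_indicators(raw_bytes):
    """Return which of the alert's traits a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == BAGLE_SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # The alert says the filename is random, so only the extension is usable.
            if name.lower().endswith(".exe"):
                hits.append("exe-attachment")
        elif part.get_content_type() == "text/plain":
            if part.get_content().strip().lower() == BAGLE_BODY:
                hits.append("body")
    return hits

def looks_like_bagle(raw_bytes):
    # Require all three traits: "Hi" alone is far too common a subject line.
    return set(bagle_indicators(raw_bytes)) >= ALL_TRAITS

def build_sample(subject, body, attachment=None):
    """Build a constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder, not an executable",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m.as_bytes()

SAMPLE_MATCH = build_sample("Hi", "Test =)", "kdjfuwe.exe")   # constructed
SAMPLE_BENIGN = build_sample("Hi", "Lunch on Friday?")        # constructed

if __name__ == "__main__":
    for label, raw in (("match", SAMPLE_MATCH), ("benign", SAMPLE_BENIGN)):
        print(label, bagle_indicators(raw), looks_like_bagle(raw))
```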
