News and Trends
SHARE
Facebook X Pinterest WhatsApp

New Bagle Variant Raises Alarms

A new variant of the Bagle worm is showing more prevalence than usual, according to anti-virus companies. The new version is known by a variety of names: McAfee Inc. calls it Bagle.az, Trend Micro Inc. has dubbed it Bagle.AM and Symantec Corp. refers to it as Beagle.AR. All three companies have elevated the threat level […]

Written By
thumbnail Larry Seltzer
Larry Seltzer
Sep 29, 2004
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

A new variant of the Bagle worm is showing more prevalence than usual, according to anti-virus companies.

The new version is known by a variety of names: McAfee Inc. calls it Bagle.az, Trend Micro Inc. has dubbed it Bagle.AM and Symantec Corp. refers to it as Beagle.AR. All three companies have elevated the threat level for this worm because of increased submissions to their monitoring services compared with the average Bagle variant.

Click here to find out why security researchers are puzzled by Bagle’s success.

All the major companies offer protection against the worm. Symantec also has a removal tool.

Many e-mail programs, including Microsoft Outlook and Outlook Express will, in the default configuration, delete the infected executable attachment to the e-mail message in which the worm arrives.

According to Trend Micro’s description, the message comes from a spoofed address. The subject line is either “Re: Hi!,” “Re: Thank you!,” or “Re: Thanks :),” and the message body is always “:)).” The message comes with an attachment with a file name of “Joke” or “Price,” which has an extension of either “.com,” “.cpl,” “.exe,” or “.scr.”

Once the user runs the executable, it drops a copy of itself in the user’s Windows System folder and sets Windows to load it when the computer boots up.

The worm attempts to propagate by copying itself to shared folders for LANs and peer-to-peer networks, and through a conventional e-mail distribution using a built-in SMTP engine. It attempts to terminate a large number of security-related programs, such as anti-virus software.

In keeping with Bagle tradition, it also attempts to interfere with the Netsky worm by removing several registry keys used by Netsky and creating mutexes, which are variables in the operating system that Netsky checks for.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.


Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page

thumbnail Larry Seltzer

Recommended for you...

thumbnail Scale Computing Makes Strategic Updates to HyperCore Solution
Infrastructure
Scale Computing Makes Strategic Updates to HyperCore Solution
Jordan Smith
Sep 17, 2025
thumbnail Druva Launches Metadata Graphing & New Agentic AI Solutions
AI
Druva Launches Metadata Graphing & New Agentic AI Solutions
Jordan Smith
Sep 17, 2025
thumbnail SonicWall’s Michael Crean on State of Managed Security
Security
SonicWall’s Michael Crean on State of Managed Security
Victoria Durgin
Sep 17, 2025
thumbnail Gigamon Unveils Agentic AI App to Boost IT Productivity
AI
Gigamon Unveils Agentic AI App to Boost IT Productivity
Luis Millares
Sep 16, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

facebook
linkedin
youtube
rss
spotify
x

Company

About us Contact us Advertise with us

Categories

Channel Business Security AI Infrastructure Lists & Awards

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information