Bagle (computer worm)
Bagle is a mass-mailing computer worm affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variant, Bagle.B, is considerably more virulent.
Bagle uses its own SMTP engine to mass-mail itself as an attachment to recipients gathered from the infected computer. It copies itself to the Windows system directory (Bagle.A as bbeagle.exe, Bagle.B as au.exe) and opens a backdoor on TCP port 6777 (Bagle.A) or 8866 (Bagle.B). It does not mail itself to addresses containing certain strings such as "@hotmail.com", "@msn.com", "@microsoft" or "@avp".
The initial strain, Bagle.A, was first sighted on January 18, 2004. It was not widespread and stopped spreading after January 28, 2004.
The second strain, Bagle.B, was first sighted on February 17, 2004. It was much more widespread and appeared in large numbers; Network Associates rated it a "medium" threat. It is designed to stop spreading after February 25, 2004.
Further variants have since been discovered. Although they have not all been successful, a number remain notable threats.
Some of these variants contain the text:
"Greetz to antivirus companies
In a difficult world,
In a nameless time,
I want to survive,
So, you will be mine!!
-- Bagle Author, 29.04.04, Germany."
This makes some people think the worm originated in Germany.
Since 2004, the threat risk from these variants has been changed to "low" due to decreased prevalence. However, Windows users are warned to watch out for it.
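The host indicators given above for Bagle.A and Bagle.B (the file name dropped in the Windows system directory and the backdoor TCP port) can be checked together when triaging a machine. The following is an added example, not part of the original article: the `netstat -ano` lines and directory listing are constructed sample input, and the function names are illustrative.

```python
import re

# Indicators exactly as stated in the article above.
INDICATORS = {
    "Bagle.A": {"file": "bbeagle.exe", "port": 6777},
    "Bagle.B": {"file": "au.exe", "port": 8866},
}

# Constructed sample input: `netstat -ano` lines and a system-directory listing.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8866           0.0.0.0:0              LISTENING       2312
  TCP    10.0.0.5:49712         203.0.113.7:6777       ESTABLISHED     1440
"""
SAMPLE_SYSTEM_DIR = ["kernel32.dll", "AU.EXE", "notepad.exe"]

# Only local LISTENING sockets count; a remote port 6777 is not a backdoor here.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.I)


def listening_ports(netstat_text):
    """Map each local TCP listening port to the PID that owns it."""
    ports = {}
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            ports[int(m.group(1))] = int(m.group(2))
    return ports


def triage(netstat_text, system_dir_files):
    """Return {variant: evidence}; both indicators present means high confidence."""
    ports = listening_ports(netstat_text)
    names = {f.lower() for f in system_dir_files}  # Windows names ignore case
    findings = {}
    for variant, ioc in INDICATORS.items():
        evidence = {}
        if ioc["file"] in names:
            evidence["file"] = ioc["file"]
        if ioc["port"] in ports:
            evidence["listener_pid"] = ports[ioc["port"]]
        if evidence:
            evidence["confidence"] = "high" if len(evidence) == 2 else "low"
            findings[variant] = evidence
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT, SAMPLE_SYSTEM_DIR))
```

A single indicator is reported with low confidence because a listener on one of these ports, or a file with one of these names, can also belong to unrelated software.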
Botnet
The Bagle botnet (initial discovery early 2004), also known by its aliases Beagle, Mitglieder and Lodeight, is a botnet mostly involved in proxy-to-relay e-mail spam.
The Bagle botnet consists of an estimated 150,000-230,000 computers infected with the Bagle computer worm. It was estimated that the botnet was responsible for about 10.39% of the worldwide spam volume on December 29, 2009, with a surge up to 14% on New Year's Day, though the actual percentage seems to rise and drop rapidly. As of April 2010 it is estimated that the botnet sends roughly 5.7 billion spam messages a day, or about 4.3% of the global spam volume.
See also
- Netsky (computer worm)
- Botnet
- Malware
- E-mail spam
- Internet crime
- Internet security