Email-Worm:W32/Bagle.D

Classification

Malware

Email-Worm

W32

Email-Worm.Win32.Bagle.d

Summary

This type of worm is embedded in an email attachment, and spreads using the infected computer's emailing networks.

Removal

For removal instructions specific to Bagle infections, see Email-Worm:W32/Bagle.

For more general information on disinfection, please see Removal Instructions.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Email-Worm:W32/Bagle.D is very similar to Email-Worm:W32/Bagle.C, which was only released roughly 12 hours before this newer variant emerged.

There are very few differences in the C and D variants; they have the same sizes and same functionality, and the emails sent by them are identical. The major difference involves changes to the D variant to allow it to avoid detection by some antivirus programs.

Another, more minor change, involves a mutex installed by the worm to prevent it from installing on an already infected machine; Bagle.C uses the mutex name ""imain_mutex", whereas Bagle.D uses "iain_m2".

Bagle.D was found in the wild on February 28th, 2004

Date Created: -

Date Last Modified: -