Home > Threat descriptions >

Email-Worm:W32/Bagle.D

Classification

Category: Malware

Type: Email-Worm

Aliases: Email-Worm.Win32.Bagle.d

Summary


This type of worm is embedded in an email attachment, and spreads using the infected computer's emailing networks.

Removal


For removal instructions specific to Bagle infections, see Email-Worm:W32/Bagle.

For more general information on disinfection, please see Removal Instructions.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Email-Worm:W32/Bagle.D is very similar to Email-Worm:W32/Bagle.C, which was only released roughly 12 hours before this newer variant emerged.

There are very few differences in the C and D variants; they have the same sizes and same functionality, and the emails sent by them are identical. The major difference involves changes to the D variant to allow it to avoid detection by some antivirus programs.

Another, more minor change, involves a mutex installed by the worm to prevent it from installing on an already infected machine; Bagle.C uses the mutex name ""imain_mutex", whereas Bagle.D uses "iain_m2".

Bagle.D was found in the wild on February 28th, 2004