11/1: Bagle-BE Worm Opens TCP Port
November 1, 2004

Bagle.BE is a worm that opens the TCP port 81 and listens to it, waiting for remote connections. By doing so, Bagle.BE allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work.

Bagle.BE ends processes belonging to security tools, such as antivirus programs. This leaves the affected computer vulnerable to the attack of other malware. In addition, Bagle.BE prevents certain worms, such as several variants of Netsky, from being executed whenever Windows is started. In order to do so, it deletes the entries belonging to these worms from the Windows Registry.

Bagle.BE spreads via e-mail in a message with variable characteristics and through peer-to-peer (P2P) file sharing programs.

Technical details can be found at Panda Software page.