Bagle.N is a virus that has worm characteristics. Bagle.N infects PE files, increasing their size by 21 KBytes. Bagle.N spreads via e-mail in a message with variable characteristics, and an attached file with the same icon as True Type fonts. It can also spread through peer-to-peer (P2P) file sharing programs. Bagle.N contains a backdoor, which opens the TCP port 2556. In addition, Bagle.N ends the processes belonging to several antivirus programs, firewalls and system monitoring tools. It also ends the processes belonging to previous variants of the worms Bagle and Netsky. This worm only runs if the system date is December 31, 2005 or previous. After this date, Bagle.N stops functioning. |