Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


Massive outbreak of aggressive new Bagle worm var.

AUCKLAND NZ - October 29, 2004

Massive outbreak of aggressive new Bagle worm variant.

Today, a massive epidemic of an aggressive new Bagle worm hit the Internet, spreading fast and infecting thousands of machines.

At 07:51 this morning (Central European Time) a new virus was detected on NOD32’s Virus Radar project (

Initially, around 50 samples were detected in the first hour, but it quickly became obvious that the spread was going to be massive, as in the second hour, over 3400 were detected and further analysis showed that the virus was a new, and highly aggressive version of the Bagle worm, which NOD32 named Win32/Bagle.AS.

Subsequently, a further two variants were discovered - both detected with NOD32’s Advanced Heuristics - Bagle.AT and Bagle.AU, of which .AU is now also spreading.

Less than 2 hours after heuristic detection, at 09:40 (CET), an update was released to provide exact named identification and removal for each variant, and a description of the major variant Bagle.AS was posted to the NOD32 website.

“The massive proliferation of the new worm is probably due to it having its own mass-mailing routine. When the worm is active on an infected computer it will attempt to stop some antivirus and firewall applications running on the machine, so this will increase it’s chances of survival, as some products will not update and detect it.” said Andrew Lee, Senior Vice President of Global Support at NOD32.

Win32/Bagle causes a serious security breach by opening Port 81 on the computer and a random UDP port, and listens for instructions to be sent to it. The worm will be deactivated on an infected computer automatically after causing damage for 20 days. Based on the code analysis, the life cycle of the worm will end on April 25, 2006.

A free cleaning tool for the worm is available at

Tracking the threat on the virus radar shows the rapid growth of this worm in hours after initial heuristic detection, as can be seen in this hourly breakdown.

29.10.2004 7:00 53
29.10.2004 8:00 3409
29.10.2004 9:00 11235
29.10.2004 10:00 30424
29.10.2004 11:00 74236

Currently, the virus radar shows that around 1 in 20 messages contain the Win32/Bagle.AS worm

Rather fittingly, this morning, NOD32 received the news that they had been awarded their 29th VB100% award, a record breaking unbroken run, unmatched by any other anti-virus product, for detecting all viruses in the wild.

The exceptional advanced heuristic capabilities of NOD32, which at last measure, could detect over 88% of all viruses in-the-wild without the need for an update, are a major part of that success.


© Scoop Media

Business Headlines | Sci-Tech Headlines


ScoopPro: Helping PR Professionals Get More Out Of Scoop has been a fixture of New Zealand’s news and Public Relations infrastructure for over 18 years. However, without the financial assistance of those using Scoop in a professional context in key sectors such as Public Relations and media, Scoop will not be able to continue this service... More>>

Insurance: 2017 Worst Year On Record For Weather-Related Losses

The Insurance Council of New Zealand (ICNZ) announced today that 2017 has been the most expensive year on record for weather-related losses, with a total insured-losses value of more than $242 million. More>>


Crown Accounts: Govt Books In Line With Forecasts

The Government’s financial statements for the four months to 31 October indicate the books are tracking along with Treasury’s Budget forecasts, Finance Minister Grant Robertson says. More>>


Expert Reaction: Ross Sea Region Marine Protected Area In Force

Sweeping new protections for Antarctica's Ross Sea will come into effect on Friday 1 December. After five years of debate, the marine protected area (MPA) was agreed in 2016 after a joint proposal by New Zealand and the United States... More>>