1. /
  2. Security Response/
  3. W32.Beagle.AG@mm


Risk Level 2: Low

July 19, 2004
February 13, 2007 12:25:27 PM
Also Known As:
WORM_BAGLE.AH [Trend Micro], W32/Bagle.ai@MM [McAfee], W32/Bagle-AI [Sophos], Win32.Bagle.AI [Computer Assoc, I-Worm.Bagle.ai [Kaspersky]
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

W32.Beagle.AG@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1080.

The subject line, body, and attachment name of the email vary. The attachment will have a .com, .cpl, .exe, .scr, or .zip file extension. If the file attachment is a .zip file, it will be password protected. This zip file will be detected as W32.Beagle@mm!zip.

The worm is packed with PeX.

Antivirus Protection Dates

  • Initial Rapid Release version July 19, 2004
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version July 19, 2004
  • Latest Daily Certified version July 25, 2012 revision 003
  • Initial Weekly Certified release date July 19, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate


  • Damage Level: Medium


  • Distribution Level: High

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver