It opens a port and waits for remote connections, ends processes belonging to antivirus programs and firewalls, and connects to web pages that contain PHP scripts.

Bagle.AH is a worm that affects Windows XP/2000/NT computers only. Bagle.AH opens and listens to a TCP port, waiting for remote connections. By doing so, it allows hackers to gain remote control over the affected computer in order to carry out malicious actions that would compromise user's confidentiality or impede normal work.

Bagle.AH ends processes belonging to antivirus programs and firewalls, among others. This leaves the affected computer vulnerable to the attack of other malware.

Additionally, this worm connects to several web pages that contain a PHP script.

It also eliminates the entries in the Windows Registry belonging to several variants of the worm Netsky.

Bagle.AH spreads via e-mail in a message with variable characteristics and through peer-to-peer file sharing programs (P2P).

Bagle.AH is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.