W32.Beagle.A@mm is going around again [Archive] - PCMech Forums



Byte 2.0
03-03-2004, 11:38 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html


Email arrives that appears to be management@yourISP.com or .net or something along those lines. I have not had time to read much but it is being checked out where I work right now. Apparently there have been several calls in today.

Force Flow
03-03-2004, 06:00 PM
My ISP sent out this warning, so it must be serious :p

Information Technology Services warns all users of the email system of two new worms overwhelming Internet email servers. Please promptly delete any messages with the following characteristics. Do not open the messages, and/or do not click on the attachment links.

BEAGLE.K
====================================================================
W32.Beagle.K@mm is a variant of W32.Beagle.J@mm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. It also sends the attacker the port on which the backdoor listens, as well as the IP address. W32.Beagle.J@mm also attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.

The email has the following characteristics:
From:

management
administration
staff
noreply
support

Attachment: A randomly named .exe file, inside a .zip file, or a .pif file. The zip file will be password-protected.

Also Known As: Win32.Bagle.K [Computer Associates], Bagle.K [F-Secure], W32/Bagle.k@MM [McAfee], W32/Bagle.K.worm [Panda], W32/Bagle-K [Sophos], WORM_BAGLE.K [Trend Micro]

BEAGLE.J
==================================================================
W32.Beagle.J@mm is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. It also sends the attacker the port on which the backdoor listens, as well as the IP address. W32.Beagle.J@mm also attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.

The email has the following characteristics:
From:

management
administration
staff
noreply
support
Attachment: A randomly named .exe file, inside a .zip file, or a .pif file. The zip file will be password-protected.

Note: LiveUpdate virus definitions released on 3/1/04 detect this threat as W32.Beagle.A@mm.

Also Known As: W32/Bagle.j@MM [McAfee]
Variants: W32.Beagle.I@mm
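
An added example, not part of the thread or the ISP's warning: a Python check that a mail filter could run for the characteristics listed above (the five sender names, .pif or .exe attachments, and a password-protected .zip holding an .exe). The function names, indicator labels and example.com addresses are assumptions made for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Sender local parts listed in the warning above
SENDER_NAMES = {"management", "administration", "staff", "noreply", "support"}

def zip_flags(data):
    """Return (has_exe, encrypted) for a zip payload; (False, False) if unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except (zipfile.BadZipFile, OSError):
        return False, False
    # Entry names stay readable in a password-protected zip; only the data is encrypted
    has_exe = any(i.filename.lower().endswith(".exe") for i in infos)
    encrypted = any(i.flag_bits & 0x1 for i in infos)  # bit 0 = entry is encrypted
    return has_exe, encrypted

def beagle_indicators(raw):
    """List which of the warning's characteristics a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    local = parseaddr(str(msg.get("From", "")))[1].partition("@")[0].lower()
    if local in SENDER_NAMES:
        hits.append("sender:" + local)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".pif", ".exe")):
            hits.append("attachment:" + name.rsplit(".", 1)[1])
        elif name.endswith(".zip"):
            has_exe, encrypted = zip_flags(part.get_payload(decode=True) or b"")
            if encrypted:
                hits.append("attachment:encrypted-zip")
            if has_exe:
                hits.append("attachment:zip-with-exe")
    return hits

def sample_message(sender, filename, payload):
    """Build a constructed test message (not a real worm sample)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.com", "constructed"
    msg.set_content("constructed body")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(beagle_indicators(sample_message("management@example.net", "a.pif", b"MZ")))
```

A sender-name match alone is a weak signal, since legitimate mail also comes from addresses such as support@ or noreply@; it is more useful combined with one of the attachment indicators.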