W32.Beagle.A@mm is going around again

[Byte 2.0]

http://securityresponse.symantec.com...agle.a@mm.html


Email arrives that appears to be management@yourISP.com or .net or somethign allong those lines. I have not had time to read much but I is being checked out where I work right now. apparently there have been serveral calls in today.

[Force Flow]

My ISP sent out this warning, so it must be serious

Quote:

Information Technology Services warns all users of the email system of two new worms overwhelming Internet email servers. Please promptly delete any messages with the following characteristics. Do not open the messages, and/or do not click on the attachment links. BEAGLE.K ==================================================================== W32.Beagle.K@mm is a variant of W32.Beagle.J@mm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. It also sends the attacker the port on which the backdoor listens, as well as the IP address. W32.Beagle.J@mm also attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names. The email has the following characteristics: Wrom: DDJBLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFX ISHJE management administration staff noreply support Attachment: A randomly named .exe file, inside a .zip file, or an .pif file. The zip file will be password-protected. Also Known As: Win32.Bagle.K [Computer Associates], Bagle.K [F-Secure], W32/Bagle.k@MM [McAfee], W32/Bagle.K.worm [Panda], W32/Bagle-K [Sophos], WORM_BAGLE.K [Trend Micro] BEAGLE.J ================================================================== W32.Beagle.J@mm is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. It also sends the attacker the port on which the backdoor listens, as well as the IP address. W32.Beagle.J@mm also attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names. The email has the following characteristics: Wrom: XXIMQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUFPEGAUTFJ MVRESK management administration staff noreply support Attachment: A randomly named .exe file, inside a .zip file, or an .pif file. The zip file will be password-protected. Note: LiveUpdate virus definitions released on 3/1/04 detect this threat as W32.Beagle.A@mm. Also Known As: W32/Bagle.j@MM [McAfee] Variants: W32.Beagle.I@mm