Just In Case You Hadn't Heard

kat2220

Friendly bark/nasty bite: Beagle J Worm

Usually when you think of a beagle you think of a sweet playful dog, NOT a stranger using your PC as a Spam relay. Well, think again: there's a new dog in town and he's not even close to being your "Best Friend". It's the Beagle J, the newest strain of the Beagle Worm we started seeing in January.

Beagle J usually comes in the form of an email from your ISP or email domain host. Most of the time it seems legit enough and uses a very clever subject line and message body to provoke you into opening their File attachment (worm). The emails we've received try to make the message look like it was coming from our email domain (which is us) and said that we needed to open the attachment. Even our own staff was fooled—here's what it said...

Dear user of e-mail server "Worldstart.com",

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For details see the attached file.

Best wishes,
The Worldstart.com team

After visiting some ISP homepages I found some info on the Beagle J and pretty much they all had the same thing to say, "We will not send out attachments to our customers, so don't open them!"

The attachment has a randomly named .exe inside a .zip folder. Once opened, the worm doesn't do any real damage to your system but goes to work fast searching your PC for addresses and shares. The Beagle uses the addresses it finds to replicate to your contacts, and uses the shares it finds to infect other PCs on your network. Other than trying to reproduce itself, the primary purpose of this Worm is to open up port 2745 and send info letting attackers know that a backdoor is now open on your system (trojan horse). From here an experienced hacker can do a lot of damage... under your name.

Symantec rates the Virus as Wild with a high distribution rate, and also has a removal tool if you don't have virus protection.
http://securityresponse.symantec.com/avcen...moval.tool.html

It can also be removed using McAfee's Stinger Tool.
http://vil.nai.com/vil/stinger/

If you have Norton or McAfee you should be protected if you’re up to date with your Virus signatures. There is more specific information on file extensions, manual removal, subject and message body examples at the Symantec and McAfee websites.

http://securityresponse.symantec.com/[email protected]
http://us.mcafee.com/virusInfo/default.asp...&virus_k=101071

Don't be fooled—these emails do not come from your ISP or mail server!
 
I HIGHLY recommend worldstart.com for all. Computer savvy or not, you can get great tips from them.
 
We can always count on you, kat, for keeping us up to date on this kind of stuff! Thanks! :)
 