Released: March 4, 2004

Description of the W32.Beagle.K@mm worm

The W32.Beagle.K@mm worm:

  • Is a variant of W32.Beagle.J@mm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email.
  • Sends the attacker the port on which the backdoor listens, as well as the IP address.
  • Attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.

From: Spoofed to appear as though it is coming from one of the following addresses at the recipient's domain: management@, administration@, staff@, noreply@, support@, etc.

Subject: Random; may be one of the following:
  • E-mail account disabling warning.
  • E-mail account security warning.
  • Email account utilization warning.
  • Important notify about your e-mail account.
  • Notify about using the e-mail account.
  • Notify about your e-mail account utilization.
  • Warning about your e-mail account.

Body: May contain the following message:
  • Dear user of some_domain,
  • Dear user of e-mail server "some_domain",
  • Hello user of some_domain e-mail server,

Followed by one of the following paragraphs:
  • Your e-mail account has been temporary disabled because of unauthorized access.
  • Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.
  • Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Attachment: A randomly named .exe file, stored inside a .zip file, or a .pif file. The .zip file may be password-protected, though Symantec antivirus products will detect these files. The file may have one of the following names: Attach, Information, Readme, Document, Info, TextDocument, TextFile, MoreInfo or Message.
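The message traits listed above can be turned into a simple mail-filter check. The following is an added example, not part of the original advisory or any vendor tool: the function names are hypothetical, the sample message is constructed, and it assumes the listed attachment names appear as the file's base name with a .zip, .pif or .exe extension.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Indicators copied from the advisory above (compared case-insensitively).
SUBJECTS = {s.lower() for s in (
    "E-mail account disabling warning",
    "E-mail account security warning",
    "Email account utilization warning",
    "Important notify about your e-mail account",
    "Notify about using the e-mail account",
    "Notify about your e-mail account utilization",
    "Warning about your e-mail account",
)}
SENDER_LOCAL_PARTS = {"management", "administration", "staff", "noreply", "support"}
ATTACH_NAMES = {"attach", "information", "readme", "document", "info",
                "textdocument", "textfile", "moreinfo", "message"}
ATTACH_EXTS = {".zip", ".pif", ".exe"}  # assumption: listed names carry these extensions

def _addresses(msg, header):
    value = msg[header]
    return list(value.addresses) if value is not None else []

def beagle_k_indicators(raw: bytes) -> list[str]:
    """Return the names of the advisory's indicators that a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().rstrip(".").lower() in SUBJECTS:
        hits.append("subject")
    rcpt_domains = {a.domain.lower() for a in _addresses(msg, "To")}
    for sender in _addresses(msg, "From"):  # role address at the recipient's own domain
        if sender.username.lower() in SENDER_LOCAL_PARTS and sender.domain.lower() in rcpt_domains:
            hits.append("spoofed-sender")
            break
    for part in msg.iter_attachments():
        name = PurePosixPath(part.get_filename() or "")
        if name.stem.lower() in ATTACH_NAMES and name.suffix.lower() in ATTACH_EXTS:
            hits.append("attachment-name")
            break
    return hits

def sample_message(subject, sender, rcpt, filename) -> bytes:
    """Constructed test message; the attachment is harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, sender, rcpt
    msg.set_content("Dear user of example.test,")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Because the advisory says the subject may be random and the sender list ends in "etc.", a message that matches none of these checks is not thereby shown to be clean.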

Known aliases

Please note that the W32.Beagle@mm worm is also known by other names, including Win32.Bagle.K, Bagle.K, W32/Bagle.k@MM, W32/Bagle.K.worm, W32/Bagle-K, Worm_Bagle.K etc.

More information and removal instructions

More about W32.Beagle@mm from Symantec


