Discovered on: March 13, 2004
Last Updated on: March 13, 2004 12:13:49 PM
The W32.Beagle.M@mm worm is a mass-mailing worm that uses its own SMTP engine to spread through email. It attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.
The email has the following characteristics:
From: Spoofed to appear as though it's coming from the one of the following addresses at the recipient's domain:
management
administration
staff
noreply
support
Subject: One of the following:
Account notify
E-mail account disabling warning.
E-mail account security warning.
E-mail technical support message.
E-mail technical support warning.
E-mail warning
Email account utilization warning.
Email report
Encrypted document
Fax Message Received
Forum notify
Hidden message
Important notify
Important notify about your e-mail account.
Incoming message
Notify about using the e-mail account.
Notify about your e-mail account utilization.
Notify from e-mail technical support.
Protected message
RE: Protected message
RE: Text message
Re: Document
Re: Hello
Re: Hi
Re: Incoming Fax
Re: Incoming Message
Re: Msg reply
Re: Thank you!
Re: Thanks
Re: Yahoo!
Request response
Site changes
Attachment: A randomly named .exe file, stored inside a .zip file, or a .pif file. The .zip file may be password-protected.
Type: Worm
Infection Length: varies, approximately 21kb-22kb
More: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.m@mm.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic