Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32.Beagle.M@mm

Mar 13, 2004 8:17AM PST

Discovered on: March 13, 2004
Last Updated on: March 13, 2004 12:13:49 PM

The W32.Beagle.M@mm worm is a mass-mailing worm that uses its own SMTP engine to spread through email. It attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.

The email has the following characteristics:
From: Spoofed to appear as though it's coming from the one of the following addresses at the recipient's domain:

management
administration
staff
noreply
support

Subject: One of the following:
Account notify
E-mail account disabling warning.
E-mail account security warning.
E-mail technical support message.
E-mail technical support warning.
E-mail warning
Email account utilization warning.
Email report
Encrypted document
Fax Message Received
Forum notify
Hidden message
Important notify
Important notify about your e-mail account.
Incoming message
Notify about using the e-mail account.
Notify about your e-mail account utilization.
Notify from e-mail technical support.
Protected message
RE: Protected message
RE: Text message
Re: Document
Re: Hello
Re: Hi
Re: Incoming Fax
Re: Incoming Message
Re: Msg reply
Re: Thank you!
Re: Thanks Happy
Re: Yahoo!
Request response
Site changes

Attachment: A randomly named .exe file, stored inside a .zip file, or a .pif file. The .zip file may be password-protected.

Type: Worm
Infection Length: varies, approximately 21kb-22kb

More: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.m@mm.html

Discussion is locked