WARNING: W32.Beagle.J@mm

Mar 4, 2004 6:30AM PST

Threat level: Category 3, Moderate (scale of 1-5)

W32.Beagle.J@mm is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. In doing so, it sends the attacker the port on which the backdoor listens, as well as the IP address. It also attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.

An email potentially containing the worm has the following characteristics:
From: Spoofed to appear as though it is coming from one of the following addresses at the recipient's domain:

management
administration
staff
noreply
support

Attachment: A randomly named .exe file, inside a .zip file, or a .pif file.
The zip file will be password-protected.

This worm is currently undergoing analysis. The record at Security Response will be updated as information becomes available.


http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html
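
A mail-triage check for the email characteristics listed above, added here as an example; it is not part of the original post or of Symantec's write-up. The function names and indicator labels are hypothetical, the sample message is constructed, and the code assumes the attachment is either a .pif file or a password-protected .zip holding an .exe, judged from the From/To headers and the zip member list only.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Sender local parts listed in the advisory.
SPOOFED_LOCALS = {"management", "administration", "staff", "noreply", "support"}

def zip_has_encrypted_exe(data):
    """True if the archive lists a password-protected .exe member."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Names stay readable in a classic encrypted zip; flag bit 0 marks encryption.
            return any(i.flag_bits & 1 and i.filename.lower().endswith(".exe") for i in zf.infolist())
    except zipfile.BadZipFile:
        return False

def beagle_j_indicators(raw):
    """Return the advisory's email traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    local, _, from_dom = parseaddr(str(msg["From"]))[1].lower().rpartition("@")
    rcpt_doms = {a.lower().rpartition("@")[2] for _, a in getaddresses(msg.get_all("To", []))}
    if local in SPOOFED_LOCALS and from_dom in rcpt_doms:
        hits.append("spoofed-local-sender")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".pif"):
            hits.append("pif-attachment")
        elif name.endswith(".zip") and zip_has_encrypted_exe(part.get_payload(decode=True) or b""):
            hits.append("encrypted-zip-with-exe")
    return hits

def constructed_sample():
    """Constructed test message: harmless 2-byte 'exe' in a zip flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("qwrtz.exe"), b"MZ")
    z = bytearray(buf.getvalue())
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        z[z.find(sig) + off] |= 0x01  # set the encryption flag in both headers
    m = EmailMessage()
    m["From"], m["To"] = "support@example.com", "alice@example.com"
    m.set_content("constructed test message")
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="info.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(beagle_j_indicators(constructed_sample()))
```

A message that trips both the sender check and an attachment check is a candidate for quarantine; either indicator alone also occurs in legitimate mail.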