Symantec calls it W32.Beagle.O@mm. It is also known as W32.Bagle.Q [Computer Associates], Bagle.Q [F-Secure], W32/Bagle.q@MM [McAfee], W32/Bagle.Q [Panda], W32/Bagle-Q [Sophos], PE_Bagle.Q [Trend], W32.Beagle.Q@mm.

It uses a known vulnerability in Internet Explorer to propagate.

To protect your PC, make sure that Internet Explorer (IE) is patched with Q828750, i.e. follow these steps:
1. Open Internet Explorer.
2. Click Help - About Internet Explorer and make sure that Q828750 is listed next to Update Versions.
If it is not, run Windows Update and apply every Critical Update and Service Pack available there.

This worm affects PCs running Windows 95, 98, ME, NT, 2000 and XP in various ways:
It is a polymorphic, mass-mailing, memory-resident worm that uses its own SMTP engine to spread through email.
The email message does not have a file attachment, but instead contains a hidden link to a certain Web site containing a virus copy. Once the infected email is viewed, the virus is automatically downloaded from that location.
It terminates certain processes, most of which are related to antivirus and firewall applications.
It opens a backdoor on TCP port 2556 and attempts to spread via peer-to-peer or file-sharing networks (Kazaa) by copying itself to certain folders.

Subject: one of the following:
Account notify
E-mail account disabling warning.
E-mail account security warning.
E-mail technical support message.
E-mail technical support warning.
E-mail warning
Email account utilization warning.
Email report
Encrypted document
Fax Message Received
Forum notify
Hidden message
Important notify
Important notify about your e-mail account.
Incoming message
Notify about using the e-mail account.
Notify about your e-mail account utilization.
Notify from e-mail technical support.
Protected message
RE: Protected message
RE: Text message
Re: Document
Re: Hello
Re: Hi
Re: Incoming Fax
Re: Incoming Message
Re: Msg reply
Re: Thank you!
Re: Thanks :)
Re: Yahoo!
Request response
Site changes
Warning about your e-mail account

Body: The body of the email will appear as a blank message, but will contain HTML code that will not be visible, and will automatically download and execute the worm from a remote Web site if your PC is not patched with Q828750.
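
A mail-filter check for the message shape described above (listed subject, no attachment, blank visible body, HTML that references a remote site). This is an added example, not part of the original advisory; the function and class names are hypothetical, the subject set is only a subset of the list above, and the sample messages are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser

# Subset of the subject lines listed on this page, lower-cased for matching.
SUBJECTS = {"account notify", "e-mail warning", "email report", "encrypted document",
            "fax message received", "hidden message", "incoming message",
            "protected message", "re: hello", "re: hi", "site changes"}

class _Scan(HTMLParser):
    """Collects visible text and every http(s) URL found in a tag attribute."""
    def __init__(self):
        super().__init__()
        self.text, self.urls, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        self._skip += tag in ("script", "style")
        for _, value in attrs:
            if value and value.strip().lower().startswith(("http://", "https://")):
                self.urls.append(value.strip())
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def looks_like_blank_html_lure(raw: bytes) -> bool:
    """Listed subject, no attachment, no visible text, remote URL in the HTML."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    if subject not in SUBJECTS or next(msg.iter_attachments(), None) is not None:
        return False
    scan, plain = _Scan(), []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scan.feed(part.get_content())
        elif part.get_content_type() == "text/plain":
            plain.append(part.get_content())
    scan.close()
    return not "".join(scan.text + plain).strip() and bool(scan.urls)

# Constructed sample messages (example.invalid is a reserved placeholder host).
SAMPLE_LURE = (b"Subject: Re: Hi\r\nMIME-Version: 1.0\r\n"
               b"Content-Type: text/html; charset=us-ascii\r\n\r\n"
               b'<html><body><img src="http://example.invalid/x" width="0"></body></html>\r\n')
SAMPLE_BENIGN = (b"Subject: Re: Hi\r\nMIME-Version: 1.0\r\n"
                 b"Content-Type: text/html; charset=us-ascii\r\n\r\n"
                 b'<html><body><p>See <a href="http://example.invalid/x">this</a></p></body></html>\r\n')
```

A match is a reason to quarantine the message for review, not proof of infection; legitimate image-only mail can have the same shape.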