W32.Beagle family of worms
Discovery began in January 2004
aka: W32.Bagle family of worms
The W32.Beagle family consists of mass-mailing worms that open a backdoor on TCP port 1080, 1234, 2745, or 4751. The worm uses its own SMTP engine to propagate by email. It can also send the attacker the port on which the backdoor listens, along with a randomized ID number.
The email's subject line, body, and attachment name vary. The attachment will have a .com, .cpl, .exe, .hta, .scr, .vbs, or .zip file extension.
The W32.Beagle.AO@mm (aka: price.zip) worm also opens a backdoor on UDP and TCP port 80.
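A triage check for the indicators listed above, as an added example that is not part of the original advisory: it scans `netstat -ano` output for local listeners on the backdoor ports and tests attachment names against the extension list. The sample output, the function names, and the choice to skip TCP port 80 are assumptions made for this example.

```python
# Backdoor ports and attachment extensions named in the advisory above.
BEAGLE_TCP_PORTS = {1080, 1234, 2745, 4751}
# W32.Beagle.AO@mm also uses port 80. Assumption for this example: only UDP 80
# is flagged, because TCP 80 is a normal listener on any web server.
BEAGLE_UDP_PORTS = {80}
BEAGLE_EXTENSIONS = (".com", ".cpl", ".exe", ".hta", ".scr", ".vbs", ".zip")

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2745           0.0.0.0:0              LISTENING       1532
  TCP    192.168.1.20:49712     198.51.100.9:1080      ESTABLISHED     2210
  UDP    0.0.0.0:80             *:*                                    1532
  UDP    0.0.0.0:137            *:*                                    4
"""

def suspicious_listeners(netstat_text):
    """Return sorted (proto, port, pid) for local sockets bound to a listed port."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        port_text = local.rsplit(":", 1)[-1]  # also works for [::]:port
        if not port_text.isdigit():
            continue
        port = int(port_text)
        pid = int(fields[-1]) if fields[-1].isdigit() else -1
        # Only the local side matters: an outbound connection to a remote
        # port 1080 is a client of some proxy, not a backdoor on this host.
        if proto == "TCP" and fields[3] == "LISTENING" and port in BEAGLE_TCP_PORTS:
            hits.add((proto, port, pid))
        elif proto == "UDP" and port in BEAGLE_UDP_PORTS:
            hits.add((proto, port, pid))
    return sorted(hits)

def risky_attachment(filename):
    """True if the effective extension is one the worm's attachments use."""
    # Windows ignores trailing dots and spaces, so strip them before matching;
    # matching the final extension also catches names like "photo.jpg.scr".
    name = filename.strip().rstrip(". ").lower()
    return name.endswith(BEAGLE_EXTENSIONS)

if __name__ == "__main__":
    for proto, port, pid in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"review PID {pid}: {proto} socket bound to port {port}")
```

Port 1080 is also the conventional SOCKS port and .zip or .exe attachments are common, so treat a hit as a lead to check the owning process or message, not as proof of infection.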
Removal
There is a removal tool for the more common variants of the Beagle worm. For more information about the removal tool, please visit the W32.Beagle removal tool website.
You can find more information and removal instructions, as well as tools, for each variant from Symantec at the following links:
- W32.Beagle.AR@mm (September 28, 2004)
- W32.Beagle.AQ@mm (August 31, 2004)
- W32.Beagle.AP@mm (August 17, 2004)
- W32.Beagle.AO@mm (August 9, 2004)
- W32.Beagle.AH@mm (July 22, 2004)
- W32.Beagle.AG@mm (July 19, 2004)
- W32.Beagle.AC@mm (July 17, 2004)
- W32.Beagle.AB@mm (July 15, 2004)
- W32.Beagle.AA@mm (July 12, 2004)
- W32.Beagle.Z@mm (July 5, 2004)
- W32.Beagle.Y@mm (July 4, 2004)
- W32.Beagle.X@mm (April 28, 2004)
- W32.Beagle.W@mm (April 26, 2004)
- W32.Beagle.U@mm (March 26, 2004)
- W32.Beagle.K@mm (March 3, 2004)
- W32.Beagle.J@mm (March 2, 2004)
- W32.Beagle.I@mm (March 1, 2004)
- W32.Beagle.H@mm (March 1, 2004)
- W32.Beagle.G@mm (February 29, 2004)
- W32.Beagle.F@mm (February 29, 2004)
- W32.Beagle.E@mm (February 28, 2004)
- W32.Beagle.C@mm (February 27, 2004)
- W32.Beagle.B@mm (February 17, 2004)
- W32.Beagle.A@mm (January 18, 2004)