ESecurityGuy
W32.Beagle.J Worm, November 18, 2017

New Beagle Worm More Lethal

The newest version of the W32.Beagle worm is spreading rapidly on the Internet. It is having much more success than many of its predecessors due to its unique payloads -- an enticing message, and its own e-mail server.

"We discovered this worm last night, shortly after its release," said Craig Peterson, of eSecurityGuy.com. "It is delivered to its intended victims via an e-mail message which appears to come from the recipient's Internet Service Provider or Corporate Information Technology Department. It even encrypts itself into an archive, and provides the victim with a unique password which can be used to decrypt it. Most users are unaware of its masquerade, and end up installing the worm."

Once installed on a system, this worm opens a back door and informs the attacker of its success and the Internet address of the now compromised machine. This not only allows control over the victim's machine by the attacker, but by anyone on the Internet who cares to scan for compromised machines. "These particular types of back doors on machines allow thieves to steal information from individuals and companies, as well as to spread new worms and viruses by using these compromised machines as special relays," said Peterson.

Many companies are not aware that they face criminal and civil liability if certain types of confidential information are leaked, and there are other liabilities as well. Craig pointed out that "many business owners can lose their businesses due to the bad publicity that an information leak can create. If a customer no longer trusts your ability to keep their information confidential, some decide to move on to another provider."

This worm has a very effective way of getting around many anti-virus e-mail systems -- it has its own e-mail server built in. By using its own e-mail server to spread to other machines, it is able to bypass any outbound e-mail filtering that the corporation provides. "Due to the lack of eSecurity understanding by most companies, they are unable to adequately protect against this type of attack. This one worm will cost businesses tens of millions of dollars."

What to Look For

This worm typically arrives via e-mail or file sharing networks. E-mails will appear to come from management, administration, staff, support or noreply, and will appear to come from the intended victim's domain.

The worm, once installed, will also copy itself to any shared folders on the victim's machine. It will scan the machine for directories that contain "shar" in their names, and will use various file names to hide itself. Any user on the same network who opens one of these files will be infected.

What to Do

Get the latest anti-virus updates. Due to the older technology employed by most anti-virus software, you will need to get a copy of its latest virus signature files. This is often done automatically by the software on a periodic basis, but you will probably want to initiate a manual update to ensure that you have the latest signatures.

Don't open attachments included with e-mail, even if they appear to be from someone you respect such as your corporate IT department. Attachments can be cleverly disguised.

Block TCP port 2745 at your firewall. No traffic should be allowed into this port, or out from this port. This is the back door that is used by the attackers.

Update to a behavior-based defense system, such as that provided by Mainstream Security Services, http://www.mainstream.net/

Note that this worm is also known as W32.Beagle.A@mm
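The two network traits described above, the back door on TCP port 2745 and mail sent by the worm's own e-mail server instead of the corporate one, can both be looked for in firewall logs. The following is an added example, not part of the original article: the key=value log layout, the 10.0.0.0/8 internal range, the relay address and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

BACKDOOR_PORT = 2745   # back-door port named in the article
SMTP_PORT = 25
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: the site's address space
MAIL_RELAYS = {"10.0.0.25"}                     # assumption: sanctioned outbound mail hosts

# Constructed sample lines in an assumed key=value firewall log layout.
SAMPLE_LOG = """\
t=09:14:02 proto=tcp src=10.0.0.25 spt=40112 dst=203.0.113.9 dpt=25
t=09:14:05 proto=tcp src=10.0.1.44 spt=1039 dst=198.51.100.7 dpt=25
t=09:14:09 proto=tcp src=192.0.2.200 spt=51515 dst=10.0.1.44 dpt=2745
t=09:14:09 proto=tcp src=10.0.1.44 spt=2745 dst=192.0.2.200 dpt=51515
t=09:15:30 proto=tcp src=10.0.1.60 spt=1102 dst=10.0.0.25 dpt=25
t=09:15:41 proto=tcp src=10.0.1.61 spt=1200 dst=203.0.113.80 dpt=443
t=09:16:00 truncated line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return a record dict, or None if the line is malformed or not TCP."""
    rec = dict(FIELD.findall(line))
    try:
        rec["spt"], rec["dpt"] = int(rec["spt"]), int(rec["dpt"])
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except (KeyError, ValueError):
        return None
    return rec if rec.get("proto") == "tcp" else None

def triage(log_text):
    """Map each internal host to the reasons it needs investigation."""
    findings = defaultdict(set)
    for rec in filter(None, map(parse, log_text.splitlines())):
        # Traffic into or out of TCP 2745 on an internal host: the back door.
        for ip, port in ((rec["src"], rec["spt"]), (rec["dst"], rec["dpt"])):
            if port == BACKDOOR_PORT and ip in INTERNAL:
                findings[str(ip)].add("tcp-2745")
        # Mail sent straight to the Internet, skipping the filtered relay.
        if (rec["dpt"] == SMTP_PORT and rec["src"] in INTERNAL
                and rec["dst"] not in INTERNAL
                and str(rec["src"]) not in MAIL_RELAYS):
            findings[str(rec["src"])].add("direct-smtp")
    return {host: sorted(reasons) for host, reasons in findings.items()}

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_LOG).items():
        print(host, ", ".join(reasons))
```

A single hit on port 2745 can be an ordinary connection that happened to pick 2745 as its ephemeral source port, so a host is a stronger candidate when both reasons appear together.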


Copyright 2003-2007 DGKL, Inc.