Name: I-WORM.Beagle.B
Aka:
Type: Internet Worm Backdoor
Size: 11264 byte
Platform: Win 95/98/ME/NT/2000/XP
Description:
This worm comes through an infected email, with a random-named .EXE attachment.
The message has the following subject: ID xxx... thanks
Where xxx is a sequence of random characters.
With the following body:
Yours ID xxx
--
Thank
Again, xxx is a sequence of random characters.
If executed, Beagle creates AU.EXE inside WINDOWS' folder and
edits the registry to execute it at starup. It then executes
sndrec32.exe to record sounds, it then shows an error message.
After some seconds, Beagle enables a BACKDOOR module opening port n. 8866 TCP. It then keeps listening on that port.
Beagle tries to connect to the following websites:
http://www.47df.de/wbboard/1.php
http://www.strato.de/1.php
http://intern.games-ring.de/1.php
http://www.strato.de/2.php
The worm can retrieve email address from the following files: .wab .txt .htm .html.
After the 25th of february, Beagle worm won't diffuse itself anymore.