Beagle returns

Beagle comes back, stronger than ever.

Name: I-WORM.Beagle.B


Type: Internet Worm Backdoor

Size: 11264 byte 

Platform: Win 95/98/ME/NT/2000/XP 


This worm comes through an infected email, with a random-named .EXE attachment.

The message has the following subject: ID xxx... thanks
Where xxx is a sequence of random characters.
With the following body:

Yours ID xxx

Again, xxx is a sequence of random characters.

If executed, Beagle creates AU.EXE inside WINDOWS' folder and
edits the registry to execute it at starup. It then executes
sndrec32.exe to record sounds, it then shows an error message.
After some seconds, Beagle enables a BACKDOOR module opening port n. 8866 TCP. It then keeps listening on that port.
Beagle tries to connect to the following websites


The worm can retrieve email address from the following files: .wab .txt .htm .html.
After the 25th of february, Beagle worm won't diffuse itself anymore

Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”

Vir.IT eXplorer PRO is certified by the biggest international organisation: