Devilfrank
Sehr aktiv
W32.Beagle.E@mm is a mass-mailing worm that opens a backdoor on TCP port 2745. The worm uses its own SMTP engine for email propagation. It can also send to the attacker the port on which the backdoor listens, as well as a randomized ID number.
From: <spoofed>
Subject: <variable>
Attachment: <random characters>.zip, containing an executable <random characters>.exe
The worm is very similar in functionality to W32.Beagle.C@mm. This variant is packed by PeX.
--------------------------------------------------------------------------------
Note: Symantec Security Response has developed a removal tool to clean the infections of W32.Beagle.E@mm.
--------------------------------------------------------------------------------
Also Known As: Bagle.E [F-Secure], I-Worm.Bagle.e [Kaspersky], WORM_BAGLE.E [Trend], Win32.Bagle.E [Computer Associates]
Type: Worm
Infection Length: 17-18kb
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
From: <spoofed>
Subject: <variable>
Attachment: <random characters>.zip, containing an executable <random characters>.exe
The worm is very similar in functionality to W32.Beagle.C@mm. This variant is packed by PeX.
--------------------------------------------------------------------------------
Note: Symantec Security Response has developed a removal tool to clean the infections of W32.Beagle.E@mm.
--------------------------------------------------------------------------------
Also Known As: Bagle.E [F-Secure], I-Worm.Bagle.e [Kaspersky], WORM_BAGLE.E [Trend], Win32.Bagle.E [Computer Associates]
Type: Worm
Infection Length: 17-18kb
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]