Devilfrank
Sehr aktiv
The W32.Beagle.I@mm worm:
Is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email.
Sends the attacker the port on which the backdoor listens, as well as the IP address. The email attachment is a randomly named .exe file inside a .zip file. The embedded .exe file is password-protected with a random password.
Attempts to spread across file-sharing networks, such as Kazaa and iMesh, by dropping itself into the directories that contain "shar" in their names.
From: <spoofed>
Subject: <variable>
Attachment: <random characters>.zip, containing an executable <random characters>.exe
W32.Beagle.I@mm is functionally identical to W32.Beagle.H@mm.
Type: Worm
Infection Length: 18 - 22 KB
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX
http://www.symantec.com/avcenter/venc/data/[email protected]
Is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email.
Sends the attacker the port on which the backdoor listens, as well as the IP address. The email attachment is a randomly named .exe file inside a .zip file. The embedded .exe file is password-protected with a random password.
Attempts to spread across file-sharing networks, such as Kazaa and iMesh, by dropping itself into the directories that contain "shar" in their names.
From: <spoofed>
Subject: <variable>
Attachment: <random characters>.zip, containing an executable <random characters>.exe
W32.Beagle.I@mm is functionally identical to W32.Beagle.H@mm.
Type: Worm
Infection Length: 18 - 22 KB
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX
http://www.symantec.com/avcenter/venc/data/[email protected]