W32.Beagle.J@mm



Huntress
14th Mar 2004, 01:55
The message you have received is an unsolicited message, infected with the W32.Beagle.J@mm. Please note that this message was not sent from Juno.

I have included some information about this virus :

W32.Beagle.J@mm is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email.

The email may also comprise the following characteristics:

Subject: E-mail account disabling warning, E-mail account security warning, Email account utilization warning,
Important notify about your e-mail account, Notify about using the e-mail account, Notify about your e-mail account utilization, Warning about your e-mail account.

Just received this email a short time ago via Juno and was provided a link to get scan file from McAfee's or Norton...son-of-a-XXXX! I seemed to check out OK even though I read the file within my zip proggie to see whatever I could see. It even contained a numbered password to open the darn file which turned out to be an executable. So I sent Juno an email to try and find out what it was about and they replied with the above. So take care ppl, it's still floating around with a backdoor to your email proggie :( Ta and Good Hunting!
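The post above lists the traits that make this lure recognisable: a fixed set of subject lines, a password-protected .zip whose only member is an executable, a numeric password printed in the body so the reader can open it, and a backdoor listening on TCP port 2745 once the worm runs. The script below is an added example (not code from the thread or from Juno) showing how a defender could triage a saved message and a netstat listing for exactly those traits. The message and the netstat lines are constructed inline; the archive is written unencrypted because Python's zipfile cannot create password-protected archives, but the same central-directory listing (member names and the encryption flag bit) is readable on a real password-protected zip without the password.

```python
"""Triage helpers for the W32.Beagle.J@mm traits described in the thread.
Added example: not the forum's or Juno's code; sample data is constructed."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Lure subjects quoted in the post (matched case-insensitively).
BAGLE_J_SUBJECTS = {
    "e-mail account disabling warning",
    "e-mail account security warning",
    "email account utilization warning",
    "important notify about your e-mail account",
    "notify about using the e-mail account",
    "notify about your e-mail account utilization",
    "warning about your e-mail account",
}
BACKDOOR_PORT = 2745  # TCP port the post says the worm opens


def zip_attachment_findings(data: bytes) -> list[str]:
    """Inspect a .zip attachment without extracting anything. Member names and
    the encryption flag live in the central directory, which stays readable
    when the archive is password protected; only member contents are encrypted."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                encrypted = bool(info.flag_bits & 0x1)
                if info.filename.lower().endswith((".exe", ".scr", ".pif", ".com")):
                    findings.append(f"executable member {info.filename!r}"
                                    + (" (password protected)" if encrypted else ""))
    except zipfile.BadZipFile:
        findings.append("attachment is not a valid zip")
    return findings


def triage_message(raw: bytes) -> dict:
    """Return a verdict for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg.get("Subject") or "").strip()
    reasons = []
    if subject.lower() in BAGLE_J_SUBJECTS:
        reasons.append(f"known Bagle.J lure subject: {subject!r}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            for finding in zip_attachment_findings(payload):
                reasons.append(f"{fname}: {finding}")
    # The body handing the reader a numeric password for the archive is the
    # social-engineering step the post describes.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if re.search(r"\bpassword\b[^\n]*\b\d{3,}\b", text, re.I):
        reasons.append("body supplies a numeric password for the attachment")
    return {"subject": subject, "suspicious": bool(reasons), "reasons": reasons}


def listener_on_backdoor_port(netstat_lines) -> list[str]:
    """Flag listening TCP sockets bound to port 2745 in netstat-style output
    (Windows 'netstat -an' layout assumed; the sample lines are constructed)."""
    hits = []
    for line in netstat_lines:
        fields = line.split()
        if (len(fields) >= 4 and fields[0].upper() == "TCP"
                and any(f.endswith(f":{BACKDOOR_PORT}") for f in fields[1:-1])
                and fields[-1].upper().startswith("LISTEN")):
            hits.append(line.strip())
    return hits


def build_sample_message() -> bytes:
    """Constructed lure resembling the one in the thread (spoofed sender,
    listed subject, zip containing a .exe, password in the body)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("TextDocument.exe", b"MZ constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "Staff@juno.com"  # spoofed, as the post reports
    msg["To"] = "user@example.com"  # placeholder recipient
    msg["Subject"] = "E-mail account disabling warning"
    msg.set_content("Your account has been temporarily suspended.\n"
                    "Details are in the attached archive.\nPassword: 48213\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="message.zip")
    return bytes(msg)


SAMPLE_NETSTAT = [  # constructed
    "  Proto  Local Address          Foreign Address        State",
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING",
    "  TCP    0.0.0.0:2745           0.0.0.0:0              LISTENING",
    "  TCP    192.0.2.10:1052        192.0.2.20:25          ESTABLISHED",
]

if __name__ == "__main__":
    print(triage_message(build_sample_message()))
    print(listener_on_backdoor_port(SAMPLE_NETSTAT))
```

The zip check deliberately never extracts or runs anything: as the post notes, the member name (and here the "is it encrypted" bit) is visible from the archive listing alone, which is enough to quarantine the message.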

littlek
14th Mar 2004, 14:53
Thanks Huntress. I no longer check email from my home computer. I either bring the laptop from work home on the weekends and check it on that or just wait until Monday and check it at work. The people who feel compelled to develop these worms must have such a pitiful life. :(

Belboz
15th Mar 2004, 06:06
Does this trigger via an attachment or a link, or does the email autorun?

Huntress
15th Mar 2004, 20:02
Hi Belboz :) This was very cleverly disguised. It came with a message about my email being temporarily suspended due to an unauthorized user. Then it gave me a password number to open the .zip file to see the message about it :mad: So I used my proggie to unzip and then used the "view" to open the .exe file inside. It showed the info that the file contained but made no sense to me as I'm not a programmer or whatever. At that time I closed it.

Now prior to opening it in that fashion, I checked the link at the bottom of the message which was to Juno's Web site and indeed it took me there. It also showed it coming from Staff@juno.com, so I felt reasonably OK to do what I did. However, when I tried to reply back to Juno with that address I got it back saying it was unknown or something like that. So then after trial and error I finally got my inquiry to the right place and got the info that it was a damn worm!

Since I had opened it I wasn't sure if I triggered it so I immediately went to McAfee's, dl'd the scanner and used it. It did not come up with anything. So somehow I think, opening it the way I did, it seems as though I didn't trigger it? It would appear however, that opening that file in the normal manner would have triggered it?

Yes, littlek, those no good s.o.b.'s should have their hands chopped off!!!! Later and Good Hunting!

bravus
15th Mar 2004, 21:51
It's ironic: the harder people have to work to open the attachment, the more likely they are to do it, it seems! All the Bagle viruses require the attachment to be opened, so realistically they shouldn't even be spreading any more. We're actually up to 'p' now, i.e. the 13th version. This one was tricky, Huntress, so I'll let you off with a warning ;). Just don't open *any* attachments unless they come from someone you know, and you were expecting them. And as someone said recently, a fair few of them are like: 'This is a message from Microsoft Support. You are infected with a virus, so please download and install the patch from http://trojan.w4rezdoodz.com. Thank You.'

Huntress
18th Mar 2004, 08:20
Hi Bravus...yea I know about the one from fake MS message but hadn't heard/seen the one about the email warning type. As far as opening from someone I know...well that's open for debate ;) First of all, it could be something from a friend disguised due to worm that steals their addies, etc., however this was from Juno or so I thought and that's partly why I was fooled :(

Anyway, apparently no harm done so I'll just be thankful. I did get caught a while back though when I got hooked up in the first few days I was able to use my DSL before I had to have my machine worked on. That was a real nasty and though I seemingly got rid of it finally after much work tracking and fixing, maybe the residual is what caused my system to go haywire later on? Who knows...but I don't think it will happen again as I'll be more protected and aware. Take care and C'ya :)