BEAGLE.AO
WORM SPREADS IN THE WILD
Virus Name : W32.Beagle.AO@mm
Alias : I-Worm.Bagle.aq,
W32/Bagle.AQ@MM , Bagle.AQ, W32/Bagle-AQ,
WORM_BAGLE.AC, I-Worm/Bagle.Gen
Virus type : Internet
Worm
Threat
level : Medium
Virus
details :
Beagle.AO is
a mass mailing worm, uses e-mail addresses
collected from the infected system to distribute
infected messages. Beagle worm arrives as an e-mail
attachment. The infected mail subject
will be empty.
Message
text
Price
new price
Attachments
08_price.zip
price.zip
price2.zip
price_new.zip
price_08.zip
newprice.zip
new_price.zip
or
new__price.zip
The infected zip file
contains two files namely price.exe and
price.html. Price.exe is a downloader component
and it will try to download Beagle.AO worm from
predefined website links. The downloader
component creates the following registry entries
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"win_upd.exe"= %SYSTEM%\WINdirect.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"win_upd.exe"= %SYSTEM%\WINdirect.exe
When the downloaded worm
file is executed it copies itself to Windows
system folder as "Windll.exe" in
the background.
W32.Beagle.AO@mm modifies
registry run section to load automatically on the
next startup. The registry modification is given
below.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"erthgdr"= %SYSTEM%\Windll.exe
[
By default, %SYSTEM% will be C:\Windows\System in
case of Windows 95/98/ME, C:\Winnt\System32 in
case of Windows NT/2000 and C:\Windows\System32
in case of Windows XP ]
Bagle.AO searches for
e-mail addresses from .wab, .txt,
.msg, .htm, .shtm, .stm, .xml, .dbx, .mbx, .mdx,
.eml, .nch, .mmf, .ods, .cfg, .asp, .php, .pl,
.wsh, .adb, .tbb, .sht, .xls, .oft, .uin, .cgi,
.mht, .dhtm, and .jsp files. The infected mail
message body and attachment names are randomly
choosen by the worm from the above list.
Bagle.AO worm uses its
own SMTP engine to send infected messages. The
worm tries to terminate security programs in the
infected system. Bagle.AO contains backdoor
abilities and it opens TCP port 80. It allows
hackers to upload files in the infected computer.
Bagle.AO searches C to Z
drives and copies itself to folders containing
the string "share" or
"sharing". This string search allows
the worm to spread using file sharing networks
like KaZaA and imesh. The worm uses following
files names from the list
Microsoft
Office 2003 Crack, Working!.exe
Microsoft Office XP working Crack, Keygen.exe
Microsoft Windows XP, WinXP Crack, working
Keygen.exe
Porno Screensaver.scr Porno, sex, oral, anal
cool, awesome!!.exe
Porno pics arhive, xxx.exe Serials.txt.exe
Windown Longhorn Beta Leak.exe Windows Sourcecode
update.doc.exe
XXX hardcore images.exe
Opera 8 New!.exe
WinAmp 5 Pro Keygen Crack Update.exe
WinAmp 6 New!.exe
Matrix 3 Revolution English Subtitles.exe
Adobe Photoshop 9 full.exe
Ahead Nero 7.exe
ACDSee 9.exe
How can I protect my
system?
Solo has incorporated
W32.Beagle.AO@mm in its signature file to protect
users from this worm attack. Solo antivirus
registered users are already protected from this
Worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
How
to remove this Worm?
If
you are already infected with this Worm, you can
remove it from your computer using Solo Antivirus
software. Use the following link
to Download 30 day trial version of
Solo antivirus
to
remove viruses from your computer. Solo antivirus
can detect and eliminate W32.Beagle.AO@mm aka
W32/Bagle.AQ@mm worm safely.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
You can
purchase Solo antivirus using the link 
|
