Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


BEAGLE.AZ WORM SPREADS IN THE WILD

Virus Name  : W32.Beagle.AZ@mm

Alias             : I-Worm.Bagle.az, W32/Bagle.bj@MM , Bagle.AY, W32/Bagle-AY,  WORM_BAGLE.AZ, I-Worm/Bagle.Gen

Virus type    : Internet Worm

Threat level : Medium

Virus details :

                     Beagle.AZ is a mass mailing worm, uses e-mail addresses collected from the infected system to distribute infected messages. Beagle worm arrives as an e-mail attachment.

The infected mail subject will be
Delivery by mail
Delivery service mail
Is delivered mail
Registration is accepted
You are made active

Message text
Before use read the help
Thanks for use of our software

Attachments
Jol03
guupd02
siupd02
upd02
viupd02
wsd01
zupd02
[ The file extension will be COM, CPL, EXE or SCR ]

The infected mail sample is given below

                     When the worm file is executed it copies itself to Windows system folder as "sysformat.exe" in the background. It also drops sysformat.exeopen, sysformat.exeopenopen.

                     W32.Beagle.AZ@mm modifies registry run section to load automatically on the next startup. The registry modification is given below.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"sysformat"= %SYSTEM%\sysformat.exe

[ By default, %SYSTEM% will be C:\Windows\System in case of Windows 95/98/ME, C:\Winnt\System32 in case of Windows NT/2000 and C:\Windows\System32 in case of Windows XP ]

                    Bagle.AZ worm uses its own SMTP engine to send infected messages. The worm tries to terminate security programs in the infected system. Bagle.AZ contains backdoor abilities and it opens TCP port 81. It allows hackers to upload files in the infected computer.

                    Bagle.AZ searches C to Z drives and copies itself to folders containing the string "share" or "sharing". This string search allows the worm to spread using file sharing networks like KaZaA and imesh. The worm uses following files names from the list

1.exe
2.exe
3.exe
4.exe
5.scr
6.exe
7.exe
8.exe
9.exe
10.exe
Ahead Nero 7.exe
Windown Longhorn Beta Leak.exe
Opera 8 New!.exe
XXX hardcore images.exe
WinAmp 6 New!.exe
WinAmp 5 Pro Keygen Crack Update.exe
Adobe Photoshop 9 full.exe
Matrix 3 Revolution English Subtitles.exe
ACDSee 9.exe

                   This worm is also known as I-Worm.Bagle.az, W32/Bagle.bj@MM , Bagle.AY, W32/Bagle-AY,  WORM_BAGLE.AZ, I-Worm/Bagle.Gen. Balge.AZ discovered on 26th January 2005.

How can I protect my system?

                   Solo has incorporated W32.Beagle.AZ@mm in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this Worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this Worm?

                   If you are already infected with this Worm, you can remove it from your computer using Solo Antivirus software. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link