WORM SPREADS IN THE WILD
Virus Name : W32.Beagle.M@mm
Alias : I-Worm/Bagle.N, W32/Bagle.N@MM
, Bagle.N, W32/Bagle-N, WORM_BAGLE.N
Virus type : Internet
level : Medium
Bagle.N is a mass mailing worm, uses e-mail addresses collected from .wab, .txt, .htm, .html, .wab, .txt, .msg, .htm, .xml, .dbx, .mdx, .eml, .nch, .mmf, .ods, .cfg, .asp, .php, .pl, .adb, .tbb, .sht, .uin, and .cgi files to distribute infected messages. Bagle worm arrives as an e-mail attachment. The infected attachment will be a password protected ZIP file or an executable file with PIF extension.
The infected mail
from address will be one of the following
management@< domain name
administration@< domain name >
staff@< domain name >
noreply@< domain name >
support@< domain name >
mail subject will be one of the following
E-mail account security warning.
Notify about using the e-mail account.
Warning about your e-mail account.
Important notify about your e-mail account.
Email account utilization warning.
Notify about your e-mail account utilization.
E-mail account disabling warning.
mail message body will contain one of the following
"Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
"Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
"We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions."
"Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software."
"Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions."
the worm file is executed, it copies itself to Windows system folder as "winupd.exe"
in the background. It also copies itself as winupd.exeopen,
modifies registry run section to load automatically on the
next startup. The registry modification is given below.
[ By default,
%SYSTEM% will be C:\Windows\System in case of Windows
95/98/ME, C:\Winnt\System32 in case of Windows NT/2000 and
C:\Windows\System32 in case of Windows XP ]
searches C to Z drives and copies itself to folders containing
the string "share" or "sharing". This
string search allows the worm to spread using file sharing
networks like KaZaA and imesh. The worm uses following files
names from the list
Microsoft Office 2003 Crack, Working!.exe
Microsoft Office XP working Crack, Keygen.exe
Microsoft Windows XP, WinXP Crack, working Keygen.exe
Porno Screensaver.scr Porno, sex, oral, anal cool, awesome!!.exe
Porno pics arhive, xxx.exe Serials.txt.exe
Windown Longhorn Beta Leak.exe Windows Sourcecode update.doc.exe
XXX hardcore images.exe
Opera 8 New!.exe
WinAmp 5 Pro Keygen Crack Update.exe
WinAmp 6 New!.exe
Matrix 3 Revolution English Subtitles.exe
Adobe Photoshop 9 full.exe
Ahead Nero 7.exe
worm uses its own SMTP engine to send infected messages. The
worm tries to terminate security programs in the infected
contains backdoor abilities and it opens TCP port 2556. It allows hackers to upload files
in the infected computer. Bagle.N worm appeared on 15th March
How can I protect my
Solo has incorporated W32.Beagle.N@mm in
its signature file
to protect users from this worm attack. Solo
antivirus registered users are already protected
from this Worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this Worm?
you are already infected with this Worm, you can
remove it from your computer using Solo Antivirus
Use the following link to Download 30 day
trial version of Solo antivirus
remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link