Friday, 09-May-2008 19:25:36 EDT
 
  NEW VIRUS

Posted on: March 7, 2004

     A new e-mail worm called "Beagle" is running wild now. It has made its way onto the University of Georgia network and is causing trouble. Here are the details as posted on Symantec's website.

The W32.Beagle.J@mm worm:

  • Is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email.
  • Sends the attacker the port on which the backdoor listens, as well as the IP address.
  • Attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.


The email has the following characteristics:
From: Spoofed to appear as though it is coming from one of the following addresses at the recipient's domain:
  • management
  • administration
  • staff
  • noreply
  • support
Attachment : A randomly named .exe file, stored inside a .zip file, or a .pif file. The .zip file may be password-protected, though Symantec antivirus products will detect these files.
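
A mail-filter heuristic built from the sender and attachment traits listed above, as an added example that is not from Symantec or from this page's author. The function names, the example.edu addresses and the sample-message helpers are constructed for illustration, and a match is a reason to quarantine a message for review rather than proof of infection.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Sender local parts listed in the advisory above.
SPOOFED_LOCAL_PARTS = {"management", "administration", "staff", "noreply", "support"}


def zip_holds_exe(data):
    """True if a zip lists a .exe member (names stay readable in password-protected zips)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(".exe") for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: treat as suspicious, not as clean


def beagle_indicators(raw, recipient):
    """Return the advisory traits that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    local, _, domain = parseaddr(str(msg.get("From", "")))[1].lower().rpartition("@")
    if local in SPOOFED_LOCAL_PARTS and domain == recipient.lower().rpartition("@")[2]:
        hits.append("spoofed-sender")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".pif"):
            hits.append("pif-attachment")
        elif name.endswith(".zip") and zip_holds_exe(part.get_payload(decode=True) or b""):
            hits.append("zip-with-exe")
    return hits


def sample_message(sender, filename, payload):
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.edu", "constructed sample"
    m.set_content("constructed body")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()


def sample_zip(member):
    """Constructed zip holding one harmless member under the given name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless constructed bytes")
    return buf.getvalue()
```
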

Note :
  • Virus definitions released on February 18, 2004 detect this threat as W32.Beagle.A@mm.
  • There is no static MD5 available for this threat.
  • Symantec Security Response has developed a removal tool to clean the infections of W32.Beagle.J@mm.

Also Known As : W32/Bagle.j@MM [McAfee], WORM_BAGLE.J [Trend], Win32.Bagle.J [Computer Associates], W32/Bagle-J [Sophos]
Variants : W32.Beagle.I@mm
Type: Worm
Infection Length : 12,288 bytes
Systems Affected : Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected : DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

 

   
  e-mail spoof


Posted on: November 11, 2003

     These e-mails usually tell you that your account with a particular web site is in jeopardy of being suspended or shut down. They usually come from an individual trying to obtain your username and password for a particular account, such as eBay. The message may look like a valid e-mail with a login screen in its contents, but when you click the "login" button you are actually replying to the e-mail and sending this person your username and password. What he or she chooses to do from there can be very tough to clean up. An e-mail from a service will usually contain a hyperlink that directs you to the web site; in other words, you should have to click on something within the e-mail to go to a web page. But be careful: this, too, can be tricky. When in doubt, simply open a fresh copy of your web browser and type in the address of the homepage. If there is indeed a problem with your account, there will surely be a message telling you so after you log in.


All content and images contained herein are the sole property of the owner. Duplication or publication of any of its contents is strictly prohibited.