
 

Virus Name: W32.Beagle.AZ@mm

Aliases: W32.Beagle.AY@mm, W32/Bagle.bk@MM, Win32/Bagle.BE@mm, Win32.Bagle.AU, Email-Worm.Win32.Bagle.ay, W32/Bagle.BL.worm, Trojan.Downloader.Small-165, Win32.HLLM.Beagle.18336, Win32/Bagle.AX, W32/Bagle-BK, WORM_BAGLE.AZ

 

Beagle is a mass-mailing worm written in C that also spreads itself through file-sharing networks.  Its attachments end in .com, .cpl, .exe, or .scr.  Beagle is able to send out its infected e-mails with its own SMTP engine to addresses collected from the infected computer.  However, it does not mail itself to obvious anti-virus company addresses that might be in the address book.

It also downloads remote files, such as error.jpg from the web, which it then saves in the Windows System folder as re_file.exe.  Next, it tries to lower security settings by killing running security processes, such as anti-virus programs, and deletes a couple of registry keys to try to stop other malware from launching on start-up.

It also creates sysformat.exe, sysformat.exeopen, and sysformat.exeopenopen in the Windows System directory, and tries to run sysformat.exe on re-boot.  A message in the body of the virus states either, "Before use read the help" or "Thanks for use of our software."
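A host triage check for the dropped files named above, as an added example that is not part of the original write-up: it looks for them in a given directory, matching names case-insensitively, and hashes any hit so it can be looked up or submitted for analysis. The function names and the default `%SystemRoot%\System32` location are assumptions; a file-name match is a lead to investigate, not proof of infection.

```python
import hashlib
import os
from pathlib import Path

# File names the write-up says the worm leaves in the Windows System folder.
BEAGLE_AZ_ARTIFACTS = {
    "sysformat.exe",
    "sysformat.exeopen",
    "sysformat.exeopenopen",
    "re_file.exe",
}

def default_system_dir():
    """Assumed default location: the System32 folder under %SystemRoot%."""
    return Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_beagle_artifacts(system_dir=None):
    """Return one dict (name, path, size, sha256) per artefact file found."""
    root = Path(system_dir) if system_dir else default_system_dir()
    if not root.is_dir():
        return []
    hits = []
    for entry in sorted(root.iterdir(), key=lambda p: p.name.lower()):
        # Windows file names are case-insensitive, so compare lower-cased.
        # Directories that merely share a name are skipped.
        if entry.name.lower() in BEAGLE_AZ_ARTIFACTS and entry.is_file():
            hits.append({
                "name": entry.name,
                "path": str(entry),
                "size": entry.stat().st_size,
                "sha256": sha256_of(entry),
            })
    return hits

if __name__ == "__main__":
    for hit in find_beagle_artifacts():
        print(f"{hit['path']}  {hit['size']} bytes  sha256={hit['sha256']}")
```

Two of the three sysformat names do not end in an executable extension, so a search limited to `*.exe` would miss them.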

 

 

Copyright (c) 2005, 2008  A. Ryan Robbins.  All Rights Reserved.

 

 
