Computer Advisory Notification

Home Table of Contents News Archive CANs Subscribe Products Services Promotions Pricing & Policies About Us Contact Us Links Search This Site Employee Intranet

CAN20040120a
Beware The Beagle

Rapidly Spreading Worm Overloads E-mail Servers, Steals Bandwidth, Opens Backdoor Access To Computers

Dates & Revisions

  • Original CAN date: January 20, 2004
  • Latest revision: January 20, 2004

Systems Affected

  • Microsoft Windows 95
  • Microsoft Windows 98
  • Microsoft Windows ME
  • Microsoft Windows NT
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
    •

Problem Overview

A new worm which can replicate itself so quickly that it can overload e-mail servers has been discovered in wide distribution on the Internet. The Beagle.A worm arrives as an e-mail attachment that quickly tries to send itself to every e-mail address it can find on the infected machine. Once a computer has been infected, the worm also opens a port through which a remote attacker can execute commands on the computer. The massive amounts of e-mail generated by this worm can overload e-mail servers and steal most of the Internet bandwidth available to the infected computer. E-mails generated by this worm may appear to the recipient as if they have come from someone with an e-mail address on the same domain as their own.

The Beagle.A e-mail begins with the phrase "Test =)" and ends with the sentence "Test, yep." Between these two phrases are a series of randomly-generated characters. If you receive such a message, do NOT open the attachment.

The Beagle.A worm is coded to stop working after January 28, 2004 - this date is checked against the date of the computer on which the worm is running, so infected computers which have their clocks set incorrectly may continue to propagate this worm after this date.

Problem Details

For detailed technical descriptions of the problem, please review the following links:

Please note that the organizations controlling the content of the web sites referenced by these links may periodically update the information on their sites as new details about the severity of the threat become known.

What Should I Do?

You should immediately:

  • review the bulletins listed above and
  • delete any such e-mail which you receive without opening the attachment, and
  • update your anti-virus software with the latest available signature files.

What If I Am Unable To Fix The Problem?

If you are unable to correct these problems yourself or are unsure how to proceed, contact Logical Operators by clicking here and arrange to have one of our service technicians check your system and apply the corrections for you (standard service fees will apply). In addition to correcting the problem(s) listed in this CAN, our technicians can also test your system for thousands of other known threats which may be present on your system, make valuable recommendations on securing your system from future threats, and perform numerous other computing services.

Related Information:
 

Recent CAN Newsletters:
 

Recent CANs:

 

If You Are On A Managed Network...

If your computer is on a managed network, you should contact your network administrator before making any changes to your system to ensure that your changes will not conflict with other network services.

What Is A CAN?

You can read an overview of Computer Advisory Notifications by visiting the CANs home page. Complete instructions on how to subscribe to the CANs mailing list (and how to unsubscribe) are also listed there.

If you know of other computer users who would find this information useful, please forward a link to this page or your original CANs e-mail to them.