Johannesburg, 16 Jul 2004
Symantec has upgraded a variant of the Beagle worm to a level three threat.
The W32.Beagle.AB@mm worm was upgraded due to increased submission rates from both corporates and consumers. To date, Symantec has received a total of 66 submissions - 17 from corporate customers.
The variant is a mass-mailing worm that opens a backdoor on TCP port 1080 and uses its own SMTP engine to spread through e-mail. The source code is embedded in the worm and may arrive in an e-mail or in an attached message.
If the worm infects a computer, it will allow the attacker to have remote, unauthorised access to the machine. Due to the ability of the remote user to perform so many different actions on the server system - including installation of applications - it is highly recommended that compromised systems be reinstalled, says Symantec.
The worm also creates a mass mailing of itself, which may clog mail servers and downgrade system performance.
Symantec recommends that users take the normal precautions: filtering attachments not on a list of approved types at the e-mail gateway, and applying the Outlook E-mail Security Update (Q262631) to block user access to certain attachment types. This will also notify the user of applications attempting to access the Outlook address book, says Symantec Security Response senior manager Oliver Friedrichs.
"We've seen numerous variants of the Beagle family in the last six months. However, W32.Beagle.AB@mm appears to be spreading rapidly, outpacing the last several variants. This threat is impacting both consumers and business alike, so all users should be taking steps to ensure their systems are protected."
Share