Symantec Security Response: W.32.Beagle.Ab worm raised to level three

Symantec Security Response has identified a new variant of the Beagle worm -- W32.Beagle.AB@mm. Symantec has upgraded this threat to a level three due to increased submission rates from both corporate and consumer customers. To date, Symantec has received a total of 66 submissions - 17 from corporate customers.

W32.Beagle.AB@mm is a mass-mailing worm that opens a backdoor on TCP port 1080 and uses its own SMTP engine to spread through e-mail. The source code is embedded in the worm and may arrive in an e-mail or in an attached message. If a machine becomes infected with W32.Beagle.AB@mm, it will allow the attacker to have remote, unauthorised access to the machine. Due to the ability of the remote user to perform so many different actions on the server system - including installation of applications - it is highly recommended that compromised systems can be reinstalled.

The threat also creates a mass mailing of itself, which may clog mail servers and downgrade system performance.

Symantec Security Response recommends that IT administrators filter attachments not on a list of approved types at the e-mail gateway and apply the Outlook E-mail Security Update (Q262631) in order to block user access to certain attachment types. This update will also notify the user of applications attempting to access the Outlook address book.

"We've seen numerous variants of the Beagle family in the last six months; however, W32.Beagle.AB@mm appears to be spreading rapidly, outpacing the last several variants," said Oliver Friedrichs, senior manager, Symantec Security Response. "This threat is impacting both consumers and business alike, so all users should be taking steps to ensure their systems are protected."

Symantec strongly advises users not to open e-mails from unknown sources and to keep all anti-virus definitions up to date.

If you would like more information or would like to speak with a Symantec security expert, please contact Symantec or Orange Ink.