Bagle/Beagle worm spreading fast
Posted on January 20, 2004
Filed Under /dev/null/ | 62 views |
There’s a new email worm making the rounds and judging from the number of copies that I’ve received thus far, it’s spreading moderately quickly. Note that this is a Windows-only worm.
The characteristics of a Bagle (aka Beagle)-infected email are:
- The From: field is spoofed. That is: it likely isn’t from who it says it’s from
- It has “hi” or “test” as its subject line
- The message body contains the phrase “Test” and a smiley followed by a line of gibberish like so:
Test =)
aowybbojjfjwudjx - It contains an executable attachment who’s name is also gibberish but always appears to end in .exe (and you never, ever open attachments that end in .exe, right? No matter who the email says it comes from, right?)
- The attachment is 15.5k in size
Should you receive any emails matching this description don’t fret, it doesn’t mean that you’re infected per se. It means that someone who knows you is infected and is sending out copies, one of which you happened to receive.
Every time a new virus or worm makes its rounds I get asked a number of questions by people who’ve received it regarding what they should do about it: Does it mean they’re infected? Should they re-install their system? Should they throw out all their email? Should they try to find the person who sent it and tell them they’re infected? Should they try to find the person who first sent it? Etc.
As a general rule regarding the propogation of email viruses, here’s what you should do:
- Do not, under any circumstances, open the attachment
- Instead, delete the email in question
- Sit back, relax and wait for the next copy to drop into your Inbox
For more information about Bagle see: New Internet virus spreading fast and Say hello to the Bagle Worm [SecurityFocus].
Update: Slashdot has the story now: ‘Bagle’ Worm Heading For A Windows PC Near You via a fairly comprehensive story about it at Yahoo!: New Worm Attacks Windows Computers.
Comments
Leave a Reply