Say hello to W32.Beagle.J@mm.

The latest worm making the rounds is called W32.Beagle.J@mm and it’s a clever one. It seems to spoof the From line with one of the words “management,” “administration,” “staff,” “noreply,” or “support,” picked at random, and tacks on the domain name of the user’s email supplier to make it look official. The subject line can be one of several variations suggesting there’s a problem with your email account, such as “e-mail account security warning,” and the body will read something like this:

    Dear user, the management of [domain] mailing system wants to let you know that, Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software. Further details can be obtained from attached file.

    Sincerely,
    The [domain] team                 http://www.[domain]

    For security reasons attached file is password protected. The password is “[password]”.

Obviously [domain] is replaced with the user’s email domain and [password] is a random five digit number. The virus actually generates a random message composed of various parts, so the above email is only one possible combination and may not be exactly what you receive, but it gives you the gist of the message they’re trying to deliver. Basically, there’s a problem with your email account and to keep using it you should open the attachment they’ve helpfully provided in a password protected zip file and run the program found therein.

Don’t do it. Bad idea.

This puppy installs a backdoor into your system, shuts down the auto update utility of any virus scanners on your system, places infected files in folders commonly used by file sharing applications (Kazaa, Napster), and has the capacity to allow a remote attacker to download and execute code of any kind on your system. Full details on this latest nasty bug can be found at Symantec Security Response – W32.Beagle.J@mm. Both Norton Antivirus and McAfee have dat file updates that will detect and remove this virus, so if you’re not automatically downloading updates then make a point to update ASAP.
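The traits of the message described above (a role-style sender at the recipient's own domain, a password protected zip, and the password stated in the body) are things a mail filter can check. This is an added example, not part of the original post or any vendor's signature; the indicator names, the password pattern and the sample message are constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ROLE_NAMES = {"management", "administration", "staff", "noreply", "support"}  # From words listed in the post
PASSWORD_RE = re.compile(r"password is\W{0,3}(\d{5})\b", re.I)  # assumed wording: five-digit password

def has_encrypted_zip(msg):
    """True if an attachment is a zip with the encryption flag (bit 0) set on a member."""
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(i.flag_bits & 0x1 for i in zf.infolist()):
                    return True
        except zipfile.BadZipFile:
            pass  # not a zip archive, keep looking
    return False

def score_message(raw, recipient):
    """Return which of the post's indicators a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    local, _, domain = parseaddr(str(msg["From"]))[1].lower().partition("@")
    body = msg.get_body(preferencelist=("plain",))
    hits = []
    if local in ROLE_NAMES and domain == recipient.lower().rpartition("@")[2]:
        hits.append("role-sender-at-own-domain")
    if has_encrypted_zip(msg):
        hits.append("encrypted-zip")
    if body and PASSWORD_RE.search(body.get_content()):
        hits.append("password-in-body")
    return hits

def build_sample(sender, encrypted):
    """Constructed message for testing; the zip holds harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("readme.txt"), "harmless")
    z = bytearray(buf.getvalue())
    if encrypted:  # only mark the member as encrypted: flag bit 0 in local and central headers
        z[6] |= 1
        z[z.index(b"PK\x01\x02") + 8] |= 1
    m = EmailMessage()
    m["From"], m["To"] = sender, "alice@example.com"
    m["Subject"] = "E-mail account security warning"
    m.set_content('The password is "48213".')
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="info.zip")
    return m.as_bytes()
```

A message matching all three indicators is a strong candidate for quarantine; any one alone (an ordinary encrypted zip from a colleague, say) is not.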

11 thoughts on “Say hello to W32.Beagle.J@mm.”

  1. Dear Stupid Asshole User,
    Here’s a file that purports to be from [domain].  Please run it posthaste, as you’re a total gimp and can be counted on to fall for anything.  Never mind that your system admin has told you time and again not to trust any attachment.

    Sincerely, [virus writer]

    —-

    It’s been one of those days for this email/virus admin.  Sigh.

  2. Yes it is.

    I am roped into reluctant IT support for some of my clients and associates. And no matter HOW many times you tell them to ignore attachments from people they don’t know…Luckily I travel in the Mac circles, and these things don’t usually affect us.

    The most nefarious thing I’ve ever contracted was a virus that played cute music while a little robot waddled onto your screen, SHOT the image out of your Quark document with his laser gun, and then waddled off the screen never to be seen again.

    [blink, blink]

    No, I’m not making this shit up. Of course it was 3am and I was alone in the office, and very tired. And the next day nobody believed me. But I was later able to track it down as a virus transmitted by “unsafe software”. It spread to Mac users who routinely traded disks with a printing service bureau.

    That was all it did, nothing else. I feel kinda special knowing someone wrote that specifically for my industry, platform, and presumed user activity. You had to be working on a Quark layout in the middle of the night, as artists are prone to do, and there it was…

    Fabulous.

    Just more evidence to support my theory that Mac geeks are just happy hippies, even at their worst. You PC guys get some seriously cruel stuff!

  3. Some days I don’t do it.  I just go home and bang my head against various doorframes until I black out.

    But I’m much better now. 

  4. I received this virus this morning…my anti-virus cleaned it and by the time I scanned it it was clean. It came back from the postal administrator and said I had sent it to someone that I had never heard of. I checked it out and it was the W32.Beagle.J….thanks for the information.

  5. Thanks Les—Got the Nasty Email yesterday.  Not that I would have opened it, but you saved me at least an hour of phone time with my server.
    What kind of bad monkey DOES stuff like this, anyways?

  6. I received this email yesterday from someone claiming to be from yahoo. I’m not a stupid girl, I replied to this email saying “Take your virus and shove it up your ass”

  7. I don’t know if it rings true for the Beagle virus, but I know many of the viruses coming out lately have that lovely address-spoofing ability - where it goes through your address book and sends itself out as the people in your address book.  So, say your mom got the virus, and her e-mail address is mom@mom.com, and she has an old high-school buddy in her address book with the e-mail of mary@hs.com.  Well, the virus would read your mom’s address book and send itself out using Mary’s email address to you, the child.  You have no clue who Mary is, so you send your mom’s high school buddy an e-mail that says “take your virus and shove it up your ass”.

    Meanwhile, Mary, who doesn’t have the virus, gets an e-mail from someone she doesn’t know, saying the above.  She is now 80 years old, as your mother graduated from high school in 1932, and the word “ass” shocks her so much, she has a heart attack.

    (The preceding paragraph is simply an example, I didn’t even bother with the math, and I have no clue how old your mother is, honestly - it’s just for illustrative purposes.)

    Point being, the last few viruses that came out - especially MyDoom - had this ability.  I had to delete *all* of my e-mail addresses because people were bouncing it back to me, when I wasn’t the one who sent it in the first place.  At one point, checking my e-mail even locked up my PC because so many people had bounced it back to me.  It took me an hour to log into my own system via the web and get rid of - and proceed to delete email addresses and blackhole anything else - before my system returned to any type of normalcy.  And I *still* do not have the virus(es) and never have.

    Another point being, please do NOT e-mail or bounce the virus e-mails back to who you think sent them, because chances are, they didn’t.  Bouncing it or sending a response just clogs up servers and causes more problems than it’s worth.

    And I still say - if these virus writers would place their skills towards *good* instead of *evil*, we would live in a Utopian society where everyone loved everyone else, and we would all hold hands and sing in togas, and everyone would be shiny, happy billionaires in a world where anyone with the last name of “Bush” would never be allowed to hold office.
