The latest worm making the rounds is called W32.Beagle.J@mm and it’s a clever one. Seems it spoofs the From line with one of these words, “management,” “administration,” “staff,” “noreply,” or “support,” picked at random, and tacks on the domain name of the user’s email supplier to make it look official. The subject line can be one of several different variations that suggest there’s a problem with your email account, such as “e-mail account security warning,” and the body will read something like this:
- Dear user, the management of [domain] mailing system wants to let you know that, Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software. Further details can be obtained from attached file.
The [domain] team http://www.[domain]
For security reasons attached file is password protected. The password is “[password]”.
Obviously [domain] is replaced with the user’s email domain and [password] is a random five-digit number. The virus will actually generate a random message composed of various parts, so the above email may not be exactly what you would receive, as it’s only one possible combination, but it gives you the gist of the message they’re trying to deliver. Basically, there’s a problem with your email account and to keep using it you should open the attachment they’ve helpfully provided in a password-protected zip file and run the program found therein.
Don’t do it. Bad idea.
This puppy installs a backdoor into your system, shuts down the auto update utility of any virus scanners on your system, places infected files in folders commonly used by file sharing applications (Kazaa, Napster), and has the capacity to allow a remote attacker to download and execute code of any kind onto your system. Full details on this latest nasty bug can be found at Symantec Security Response – W32.Beagle.J@mm. Both Norton Antivirus and McAfee have dat file updates that will detect and remove this virus so if you’re not automatically downloading updates then make a point to update ASAP.
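The message traits described above (a role-account sender at the recipient's own domain, a five-digit password in the body, a password-protected zip) can be checked together at a mail filter. This is an added example, not code from the original post or from any antivirus vendor; the regex wording, trait names, file names and the sample message are assumptions constructed for illustration.

```python
import io, re, zipfile
from email.message import EmailMessage
from email.utils import parseaddr

ROLE_WORDS = {"management", "administration", "staff", "noreply", "support"}
# Assumed wording: the worm varies its text, so treat this as a heuristic.
PASSWORD_RE = re.compile(r"password is\W{0,3}(\d{5})\b", re.I)

def zip_is_encrypted(data):
    """True if any archive member has the ZIP encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def beagle_j_traits(msg):
    """Return the traits from the post that this EmailMessage matches."""
    traits = []
    local, _, from_dom = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")
    to_dom = parseaddr(msg.get("To", ""))[1].lower().rpartition("@")[2]
    if local in ROLE_WORDS and from_dom and from_dom == to_dom:
        traits.append("spoofed-role-sender")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and PASSWORD_RE.search(body.get_content()):
        traits.append("password-in-body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".zip") and zip_is_encrypted(payload):
            traits.append("encrypted-zip")
            break
    return traits

def constructed_sample(encrypted=True):
    """Constructed message; the zip holds one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless")
    raw = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the central directory header
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["From"], msg["To"] = "support@example.com", "alice@example.com"
    msg["Subject"] = "e-mail account security warning"
    msg.set_content('Attached file is password protected. The password is "12345".')
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip", filename="info.zip")
    return msg
```

No single trait is conclusive on its own; a filter would typically quarantine only when several of them appear together.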