Latest e-mail worm could be as serious as Nimda

Leading anti-virus software companies have warned of an e-mail worm called W32.Beagle and W32.Bagle

Leading anti-virus software companies have warned of an e-mail worm called W32.Beagle and W32.Bagle

The worm spreads by harvesting e-mail addresses from computer hard drives, then mailing copies of itself out to those addresses, faking the "from" address on e-mail messages it sends.

The worm arrives in an e-mail file attachment with a randomly generated name and EXE extension. E-mail messages containing the worm have the subject "Hi" and a message body that reads: "Test =)" followed by some randomly generated characters and then "Test, yep", said F-Secure.

The worm affects computers running a number of versions of Microsoft's Windows operating system including Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. It is programmed to stop spreading on 28 January.

Mass-mailing worms are common and Beagle's suspicious subject line and message body should be enough to keep most users from opening the file attachment and infecting themselves. Also, many companies block e-mail messages that contain EXE file attachments, which would stop the spread of the worm.

However, Beagle appears to be particularly good at harvesting e-mail addresses from its victims and then targeting those addresses with copies of itself, which may account for its spread.

Symantec has rated Beagle a Level 2 or "low" threat, meaning that the company considered Beagle "reasonably harmless and containable".

However, F-Secure said Beagle was a Level 1 threat, the highest level alert indicating a worldwide epidemic of a serious new virus such as Nimda.

Paul Roberts writes for IDG News Service



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: