International English version Traditional Chinese version
Proven Success

   Verified by Visa
   CNN Financial News
   Melbourne IT
   Rotary Club
   Salvation Army

Existing Users

   Domain Manager
   Retrieve Password

Domain Registration with Web Hosting

   Check a Domain
   Renewals
   Multiple Domain Search
   Our Prices
   Price Comparison Chart
   Volume Discount

Web Hosting

   Why Switch Hosting
   Add Webspace
   More POP Accounts
   Our Prices
   Dedicated Hosting
   DH Prices

Registrar Transfer with Web Hosting

   Why Registrar Transfer
   Bulk Transfer
   Our Prices
   Volume Discount

Bundled Services

   Webspace
   Email Services
   Domain Masking
   MX Records
   Canonical Names

Country-code Domain Names

   United States
   China and Taiwan
   Europe

Multilingual Domain Names

   About ML.com Names
   Western European
   Central European
   Greek and Coptic
   Turkish
   Simplified Chinese
   Chinese Traditional
   Korean
   Japanese

Free Redelegation

   Redelegation
   SSL (secure) Web Hosting

Reference Library

   Email Contacts
   Service Agreement
   About DNS
   Transfers in Action
   No Spam Policy
   How to Choose
   History of the Domain
   Dispute Policy
   Glossary
   Privacy Policy

Miscellaneous

   Main Page
   Escrow Service
   Our Low-price Strategy
   Corporate Web site
   Get Help



 Domain Registration with Web HostingWeb site Hosting with Various supportRegistrar Transfer with Web Hosting
Released: March 4, 2004

Description of the W32.Beagle.K@mm worm

The W32.Beagle.K@mm worm is:

  • Is a variant of W32.Beagle.J@mm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email.
  • Sends the attacker the port on which the backdoor listens, as well as the IP address.
  • Attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.

From Spoofed to appear as though it's coming from the one of the following addresses at the recipient's domain, including management@ administration@ staff@ noreply@ and support@ etc.
Subject Random (may contained the following subjects) like:
E-mail account disabling warning.
E-mail account security warning.
Email account utilization warning.
Important notify about your e-mail account.
Notify about using the e-mail account.
Notify about your e-mail account utilization.
Warning about your e-mail account.
Body May contain the following message:
- Dear user of some_domain,
- Dear user of e-mail server "some_domain",
- Hello user of some_domain e-mail server,

Followed by one of the following paragraphs:
Your e-mail account has been temporary disabled because of unauthorized access.
- Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.
- Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Attachment A randomly named .exe file, stored inside a .zip file, or a .pif file. The .zip file may be password-protected, though Symantec antivirus products will detect these files. File with the following names: Attach, Information, Readme, Document, Info, TextDocument, TextFile, MoreInfo or Message

Known aliases

Please note that the W32.Beagle@mm worm is also known by other names, including Win32.Bagle.K, Bagle.K, W32/Bagle.k@MM, W32/Bagle.K.worm, W32/Bagle-K, Worm_Bagle.K etc.

More information and removal instructions

More about W32.Beagle@mm from Symantec



www.  
multiple names | IDNs or multilinguals 


IMPORTANT!    Melbourne IT imposter | .EU Registry alert | PayPal & eBay email scam

Home | Support | Check | Host | Transfer | Whois | More Technology Services

© 1996-2008 Wyith Ltd dba DomainAvenue.com. All rights reserved.

Canada | USA | UK | Belgium | Italy | Hongkong | Singapore