Beagle Virus



muso
03-30-2004, 01:15 AM
Just to let you guys know, email messages carrying the Bagle worm and spoofing mac-forums.com email addresses are in circulation. The emails, purporting to originate from mac-forums.com, contain a password-protected .zip attachment and prompt recipients to open the attachment under the pretext of confidential information regarding their account.

The Bagle worm is widespread across the internet; in addition to the mac-forums.com domain, other email domains have also been spoofed.

Almost ironically, Macs are not affected, but those of you who have PCs and haven't installed the latest anti-virus updates should be careful. We have not sent out any such emails.

Click here (http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html) for more information.

witeshark
03-30-2004, 01:24 AM
For PC users:
Copies itself as %System%\sysinfo.exe.
Note: %System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Adds the value:
"sysinfo.exe"="%System%\sysinfo.exe"
to the registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the worm runs when you start Windows.
Creates the key:
HKEY_CURRENT_USER\SOFTWARE\Windows2005
Opens a backdoor on TCP port 4751, which allows for file downloading and execution.
Attempts to execute Dredr.exe, if the file is present on an infected computer.
Attempts to notify a predetermined Web server of the infection.
Note: If the system clock's year is 2005 or later, this function will not occur.
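
A triage check built from the indicators in the post above, as an added example that is not part of the original thread: it parses saved output of `reg query` and `netstat -ano` for the Run value, the Windows2005 key and a listener on TCP 4751. The function names are illustrative and the sample command output is constructed.

```python
import re

# Indicators listed in the post above; the sample command output below is constructed.
RUN_VALUE = "sysinfo.exe"
MARKER_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Windows2005"
BACKDOOR_PORT = "4751"
SYSTEM_DIRS = (r"c:\windows\system", r"c:\winnt\system32", r"c:\windows\system32")

def run_value_hit(reg_text):
    """Run key holds a 'sysinfo.exe' value whose data points into a System folder."""
    for line in reg_text.splitlines():
        m = re.match(r"\s+(\S.*?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$", line)
        if m:
            name = m.group(1).lower()
            folder, _, exe = m.group(2).strip().strip('"').lower().rpartition("\\")
            if name == RUN_VALUE and exe == RUN_VALUE and folder in SYSTEM_DIRS:
                return True
    return False

def marker_key_hit(reg_text):
    """The Windows2005 key appears in a listing of the HKCU SOFTWARE subkeys."""
    return any(l.strip().lower() == MARKER_KEY.lower() for l in reg_text.splitlines())

def backdoor_listener_hit(netstat_text):
    """A TCP socket is LISTENING on local port 4751 (remote ports and 14751 do not count)."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == BACKDOOR_PORT:
                return True
    return False

def triage(run_text, software_text, netstat_text):
    """Return the names of the indicators found in the collected command output."""
    checks = {"run_value": run_value_hit(run_text),
              "marker_key": marker_key_hit(software_text),
              "backdoor_port": backdoor_listener_hit(netstat_text)}
    return [name for name, hit in checks.items() if hit]

SAMPLE_RUN = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\Windows\System32\ctfmon.exe
    sysinfo.exe    REG_SZ    C:\Windows\System32\sysinfo.exe
"""
SAMPLE_SOFTWARE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft
HKEY_CURRENT_USER\SOFTWARE\Windows2005
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:4751    0.0.0.0:0          LISTENING    1620
  TCP    10.0.0.5:1042   192.0.2.10:4751    ESTABLISHED  1700
"""

if __name__ == "__main__":
    print(triage(SAMPLE_RUN, SAMPLE_SOFTWARE, SAMPLE_NETSTAT))
```

A file named sysinfo.exe outside the System folder, or an outbound connection to some other host's port 4751, is deliberately not reported, since neither matches the behaviour described in the post.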

TylerMoney
03-30-2004, 02:38 AM
See, now that makes me feel special....at least when I'm using my mac..like right now. A virus that could potentially hurt some of the members of this forum...but only those who don't have macs. If they had them...they would be doing what I'm doing right now....irony is probably one of the funniest things sometimes...man....that's it...I'm going now.