January 20, 2004

Information Security Advisory

All,

A new worm is making its way into many email boxes. This worm only affects Windows PCs. W32.Beagle.A@mm is a mass-mailing worm that accesses remote Web sites and sends email to any addresses it finds.

The email has the following characteristics:

Subject: Hi
Filename: .exe
Filesize: 15,872 bytes

This worm will only work until January 28, but it has been observed all over the world and is rapidly spreading. The payload installs a file on your PC and sends out emails with a spoofed "from" email address. The worm also creates a listening thread on the PC's port 6777 to enable a remote attacker to install software and execute it on the infected computer.

Solution: update anti-virus signatures, scan your machine, and download removal tools from your favorite anti-virus vendor's site:

http://securityresponse.symantec.com/avcenter/FxBeagle.exe
http://www.trendmicro.com/download/dcs.asp
http://www.sophos.com/support/disinfection/baglea.html

Please follow scanning and removal instructions from the vendor of your choice.

Happy safe computing!

Frederic Martin
www.workingarts.com

PS: If you want to be removed from this computer security advisory mailing list, please reply with "remove" in the subject of the message. To review archived security warnings, please go to http://www.workingarts.com/infosecarchives.html
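
For mail administrators, the three characteristics listed above can be checked at the gateway. The following is an added example, not part of the original advisory or any vendor tool: it parses a raw message and reports which indicators match. The function names, addresses and sample messages are constructed for illustration, and the sample attachment is zero bytes, not the worm.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators exactly as listed in the advisory.
SUBJECT = "Hi"
ATTACHMENT_SUFFIX = ".exe"
ATTACHMENT_SIZE = 15872  # bytes


def beagle_a_indicators(raw):
    """Return the advisory indicators that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip() == SUBJECT:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(ATTACHMENT_SUFFIX):
            continue
        hits.append("exe-attachment")
        # Compare the decoded payload size, not the base64-encoded size.
        payload = part.get_payload(decode=True) or b""
        if len(payload) == ATTACHMENT_SIZE:
            hits.append("size-15872")
    return hits


def should_quarantine(raw):
    """Quarantine only when subject, extension and size all match."""
    wanted = {"subject", "exe-attachment", "size-15872"}
    return wanted <= set(beagle_a_indicators(raw))


def sample_message(subject, filename, size):
    """Build a constructed test message with a zero-filled attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Constructed test body")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Because the "from" address is spoofed, the check deliberately ignores the sender and relies only on subject, attachment extension and decoded attachment size.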