Dr.Web - innovative technologies for information security. Antivirus & antispam protection. / Information

New Beagle is on the loose

Virus monitoring service of Doctor Web, Ltd. informs on an intensive spreading of a new modification of the mass-mailing worm from the Beagle family, which is labeled by our company as Win32.HLLM.Beagle.18688. Like all its predecessors the new worm poses threat to Windows 95/98/MMMe/NNNT/2000/XP operated systems only.

The worm arrives at computers in mail messages or in files downloaded from peer-to-peer (file-sharing) networks. In case of an email attack the worm comes attached to a messages and its extension can be .exe, .com, .scr, or .cpl. It generates its own messages for future propagation using its own SMTP engine.

Being executed by a user himself, the worm drops its copy named bawindo.exe to the Windows System folder and points to it in the registry entry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
having attributed it a bawindo value, which automatically secures its launch at every system restart.

The worm also places its copy to the folders the names of which contain the «shar» sequence of symbols in their names — this is how it starts its destructive traveling across the file-sharing nets.

The worm opens port TCP/81 and starts «listening» to the Internet waiting for external instructions from its creator. The back-door procedure run by the worm contains one more malicious feature — the worm also deletes the values of antivirus programs and firewalls from the following registry entries

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Other news

2008-05-13 April 2008 virus activity review from Doctor Web, Ltd.
2008-05-13 Twenty five thousand subscribers of Eltel get protection by Dr.Web AV-Desk™
2008-05-07 Dr.Web AV-Desk shields four hundred educational institutions of the Russian university network RUNNet
2008-05-06 New version of Dr.Web anti-virus scanner for Windows released
2008-05-06 Win32.Ntldrbot (aka Rustock.C) no longer a myth, no longer a threat. New Dr.Web scanner detects and cures it for real
2008-05-05 Another 17 Russian cities get anti-virus as a service with Dr.Web AV-Desk
2008-05-04 Protection against viruses and spam from Doctor Web, Ltd. and Sun Microsystems thoroughly tested
2008-05-04 Another Russian ISP launches Dr.Web AV-Desk
2008-05-02 Doctor Web – Central Asia Kazakhstan market summary 2007
2008-05-02 Doctor Web came to China at the eve of Olympics
2008-04-08 PC Magazine Russia: Dr.Web AV-Desk – the best product-as-a-service of 2007
2008-04-07 Dr.Web for IBM Lotus Domino – a new product by Doctor Web, Ltd. protecting application servers of enterprises and corporations
2008-04-03 Updated Dr.Web Shell Extension library released
2008-04-03 Dr.Web for Unix Mail servers and Dr.Web Mail Gateway have been updated to version 4.44.1
2008-04-02 March 2008 virus activity review from Doctor Web, Ltd.
2008-04-01 Updated version of Dr.Web Enterprise Suite 4.44.2 released
2008-04-01 Dr.Web scanner vanquishes BackDoor.MaosBoot once again
2008-04-01 Updated modules of Dr.Web anti-virus for Windows workstations released

	Information
News viruses anti-virus corporate Subscribe to our news Free services Virus info lookup

My five cents

What is the screen size of your monitor?

Doctor Web, Ltd. - a Russian company developing and distributing Dr.Web® Anti-virus solutions.
Our customers can be found among home users from all regions of the world and in large enterprises, small companies and nationwide corporations. We thank all of them for support and long-term devotion to our product. State certificates and awards received by the Dr.Web Anti-virus, as well as the geography of our users are the best evidence of exceptional trust to the products created by the talented Russian programmers.