New Beagle spreads on the Net

Analysts from Virus Monitoring Service of Doctor Web, Ltd. have registered appearance of a new clone of Beagle mass - mailing worms actively propagating via email and through file-sharing networks – the two most efficient and speedy ways of mass infection of computers worldwide. The worm has been labeled by Dr.Web as Win32.HLLM.Beagle.18336, with other antivirus vendors it is called W32/Bagle.bj@MM, WORM_BAGLE.AY.

The worm’s executable code arrives to users’ computers in the attached files with .com, .exe, .src or .cpl extensions. Its name consists of sequence of alpha-numeric , forexample guupd02. Being activated, it places its copies sysformat.exe, sysformat.exeopen and sysformat.exeopenopen to the Windows\System folder and points to them in the system registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Propagation via e-mail
With the help of its own SMTP engine, the worm distributes itself from already infected machines. For this, it gathers in the invaded computer mail addresses from files with definite extensions and constructs its own mail messages consisting of false sender address, a subject and a message body, which has just one srting

Thanks for use of our software
or
Before use read the help.

Propagation through file-sharing networks

The worm propagates through file-sharing networks by placing its copy into the directories which have a “shar” in their names, pretending to be a file of a popular software program, including beta version of Windown Longhorn.

Trojan activity

The body of the worm stores a considerable list of web-sites it tries to download a file error.jpg, which is a remote administration utility.

Destructive influence on a system

The worm deactivates files of different antivirus programs and cyber security applications, including the Dr.Web automatic updating utility DRWEBUPW.EXE. If a Dr.Web user fails to update the latest add-on for the virus base, it is available for manual downloading from our web-site.

It also deletes from the system registry entries

HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\Run

My AV
ICQ Net

2008-07-03	June virus activity review from Doctor Web, Ltd.
2008-07-03	2000 companies using services of OBLTELECOM experience reliable anti-virus protection with Dr.Web
2008-06-30	Dr.Web AV-Desk guards information of corporate customers of Newcom Port
2008-06-27	Doctor Web, Ltd. establishes a subsidiary company in France
2008-06-27	Dr.Web AV-Desk will remove malware from networks of Volkhov-Online
2008-06-26	Dr.Web AV-Desk comes to Kyrgyzstan
2008-06-26	Deployment of Dr.Web AV-Desk reduced the workload of Ufanet support service
2008-06-23	Dr.Web AV-Desk will deliver "clean" Internet to 50 000 users in Moscow region
2008-06-19	STREAM-TV Izhevsk employs Dr.Web AV-Desk
2008-06-18	Dr.Web Enterprise Suite protects UAZ
2008-06-10	Doctor Web, Ltd. releases SpIDer Mail 4.44.2.
2008-06-05	May 2008 virus activity review by Doctor Web, Ltd.
2008-06-04	AKADO chooses Dr.Web AV-Desk and recommends Dr.Web to its subscribers
2008-06-04	Spam doesn’t always mean "malware”
2008-05-29	Yandex recommends Dr.Web CureIt! to tackle malware faking web-pages
2008-05-27	The new version of Dr.Web for Windows anti-virus scanner released
2008-05-26	Izhevsk.net launches Dr.Web AV-Desk
2008-05-13	April 2008 virus activity review from Doctor Web, Ltd.
2008-05-13	Twenty five thousand subscribers of Eltel get protection by Dr.Web AV-Desk™
2008-05-07	Dr.Web AV-Desk shields four hundred educational institutions of the Russian university network RUNNet
2008-05-06	New version of Dr.Web anti-virus scanner for Windows released
2008-05-06	Win32.Ntldrbot (aka Rustock.C) no longer a myth, no longer a threat. New Dr.Web scanner detects and cures it for real
2008-05-05	Another 17 Russian cities get anti-virus as a service with Dr.Web AV-Desk
2008-05-04	Protection against viruses and spam from Doctor Web, Ltd. and Sun Microsystems thoroughly tested
2008-05-04	Another Russian ISP launches Dr.Web AV-Desk