
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-10-28



URGENT: New version of Beagle hitting

Published: 2004-10-28
Last Updated: 2004-10-29 13:31:41 UTC
by Deborah Hale (Version: 1)
W32.Beagle.AV@mm

There appears to be a new Beagle on the loose. According to the information on Symantec's Security Response page, it opens a backdoor on port 81. It creates a file with a variant of the name wingo in the executable name, adds a wingo.exe entry under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, and attempts to disable anti-virus and security software and block the websites.
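
The indicators named above (a Run-key value containing wingo and a listener on TCP port 81) can be checked against triage output collected from a host. The following is an added example, not part of the original diary or of Symantec's write-up; it assumes the text output formats of `reg query` and `netstat -ano`, and the sample data, including the `C:\EXAMPLE` path and the PIDs, is constructed.

```python
import re

# Indicators taken from the diary text above.
BACKDOOR_PORT = 81
NAME_FRAGMENT = "wingo"
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"

# Constructed sample triage output (not from a real host; path is a placeholder).
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    wingo.exe    REG_SZ    C:\EXAMPLE\wingo.exe
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:81             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    10.0.0.5:1044          192.0.2.10:81          ESTABLISHED     2040
"""

# A value line in `reg query` output: indented name, REG_* type, then data.
_VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")


def suspicious_run_values(reg_query_output):
    """Return (key, value_name, data) for Run-key values mentioning 'wingo'."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # remember which key the following values belong to
            continue
        m = _VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        if NAME_FRAGMENT in (m["name"] + " " + m["data"]).lower():
            hits.append((key, m["name"], m["data"].strip()))
    return hits


def listeners_on_backdoor_port(netstat_output, port=BACKDOOR_PORT):
    """Return (local_address, pid) for TCP sockets in LISTENING state on the port."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):  # also handles [::]:81
                hits.append((f[1], int(f[4])))
    return hits
```

A listener on port 81 by itself is only a lead, since some web servers and proxies use that port; it carries more weight when the owning PID maps to the executable named in a matching Run entry.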

Lenny will continue to update in the next diary.
Deb Hale
Handler on Duty