Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: URGENT: New version of Beagle hitting SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
URGENT: New version of Beagle hitting
W32.Beagle.AV@mm

There appears to be a new Beagle on the loose. According to the information on Symantecs Security Response Page it opens a backdoor on port 81. It creates a file with a variant of the name wingo in the executable name, adds a wingo.exe in the Registry Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and attempts to disable anti-virus and security software and block the websites.

Lenny will continue to update in the next diary.
Deb Hale
Handler on Duty
Deborah

279 Posts
ISC Handler
Oct 29th 2004

Sign Up for Free or Log In to start participating in the conversation!