
03/16/04 : VIRUS ALERT: NEW BEAGLE VARIANTS

03/03/04 : Virus Alert: Increase in Beagle and Netsky Variant Activity

VIRUS ALERT: NEW BEAGLE VARIANTS

Posted on March 16, 2004 09:20 AM

NOTE: Variants of Beagle are appearing regularly. Three new variants appeared over the weekend. The important characteristics of Beagle are:

1) email originating from email addresses "@brown.edu" that look like official domain email
2) zipped file attachments, some of which are encrypted (password-protected)
3) Symantec now has virus definitions for Beagle.N (3/15/2004 rev. 18)

Affected OS
* Windows 2000
* Windows 95
* Windows 98
* Windows Me
* Windows NT
* Windows Server 2003
* Windows XP

Not Affected
* DOS
* Linux
* Macintosh
* Microsoft IIS
* OS/2
* UNIX
* Windows 3.x

Impact
* Many reports on campus
* Some variants are not detected by email scanning gateways (i.e., you receive a live payload)

Risk
* High
* Generates high volumes of email from spoofed Brown addresses, causing confusion
* Spoofs official email, causing confusion and gaining user trust
* Unauthorized remote access on port 2556/tcp

How Do They Propagate
* Email
* KaZaA and iMesh file sharing networks
* Any folders with *shar* in name

Symptoms of Infected Machines
* Symantec Antivirus detection for 3/14/2004 includes Beagle.M
* Degradation of system performance; these rapidly infest Windows machines
* Email complaints from people about receiving infected email
* Inbound traffic on port 2556/tcp

Remediation for Infected Users
* All users should run LiveUpdate to make sure that virus definitions are current
* Locate the most current version of the Beagle removal tool at Symantec's Web site.
* Follow Symantec's removal instructions for the appropriate virus. Because variants are so numerous at this time, consult the Symantec Latest Virus Threat page to locate the variant that you need to clean up: http://www.sarc.com/avcenter/vinfodb.html
* Links to automated clean up tools are often available at the head of the virus description page; manual clean up instructions appear near the foot of the virus description page.

Actions for All Users
* Keep antivirus autoprotection enabled
* Keep antivirus definitions up to date
* Do not open email with unexpected attachments and suspicious subjects, even if from a known user
* Don't forward any email with unexpected attachments and suspicious subjects

Handling
* All users who need assistance should contact the Help Desk at 863-HELP.

Virus Alert: Increase in Beagle and Netsky Variant Activity

Posted on March 03, 2004 10:07 AM

The campus email infrastructure is processing a high volume of virus-infected email. An additional problem is that the latest Beagle variants appear to be 'official' email from management@brown.edu, or they may say they come from the 'brown.edu team' in the message itself. These are NOT legitimate. If you receive these messages, you should delete them.

Any infected email stripped of attachments by Brown's email servers will have a "deleted.txt" attachment. "DeletedAttachment.txt" should be regarded as a misleading infected attachment and must be deleted.

Affected OS: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Not Affected: DOS, Linux, Macintosh, Microsoft IIS, OS/2, UNIX, Windows 3.x

Impact
* Many variants detected by email virus scanners
* Variants (Beagle.K and Netsky.F) have been detected on campus

Risk
* High
* Generates high volumes of email from spoofed Brown addresses, causing confusion
* Spoofs official email, causing confusion and gaining user trust

How Do They Propagate
* Email
* KaZaA and iMesh file sharing networks
* Any folders with *shar* in name

Symptoms of Infected Machines:
* Symantec Antivirus detection for 3/2/04 includes Beagle.J
* Degradation of system performance; these rapidly infest Windows machines
* Email complaints from people about receiving infected email
* Inbound traffic on port 2745/tcp (Beagle.J and K)
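
The two alerts on this page name 2556/tcp and 2745/tcp as ports that see inbound traffic on infected machines. As an added example (not part of the original alerts), this Python script flags sockets bound to those local ports in Windows `netstat -ano` output; the sample output, addresses and PIDs are constructed, and the function names are this example's own.

```python
# Backdoor ports taken from the two alerts on this page.
BEAGLE_PORTS = {
    2556: "03/16/04 alert (new Beagle variants)",
    2745: "03/03/04 alert (Beagle.J and K)",
}

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2745           0.0.0.0:0              LISTENING       1412
  TCP    192.0.2.10:2556        198.51.100.7:4021      ESTABLISHED     1520
  TCP    192.0.2.10:1045        203.0.113.5:2745       ESTABLISHED     2044
  TCP    [::]:2556              [::]:0                 LISTENING       1520
  UDP    0.0.0.0:2745           *:*                                    900
"""


def local_port(addr):
    """Return the port from '1.2.3.4:80' or '[::]:80' (text after the last colon)."""
    return int(addr.rsplit(":", 1)[1])


def find_beagle_sockets(netstat_text):
    """Return (port, state, remote, pid, source) for TCP sockets whose LOCAL
    port is one of the alert ports. Outbound connections to a remote host on
    the same port number are ignored, since the alerts describe inbound traffic."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not match.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields
        port = local_port(local)
        if port in BEAGLE_PORTS and state in ("LISTENING", "ESTABLISHED"):
            hits.append((port, state, remote, int(pid), BEAGLE_PORTS[port]))
    return hits


if __name__ == "__main__":
    for port, state, remote, pid, source in find_beagle_sockets(SAMPLE_NETSTAT):
        print(f"port {port}/tcp {state} remote={remote} pid={pid} [{source}]")
```

The PID column identifies the process to examine in Task Manager before running the Symantec removal tool for the matching variant.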

Remediation for Infected Users
* All users should run LiveUpdate to make sure that virus definitions are current
* Follow Symantec's removal instructions for the appropriate virus. Because variants are so numerous at this time, consult the Symantec Latest Virus Threat page to locate the variant that you need to clean up: http://www.sarc.com/avcenter/vinfodb.html
* Links to automated clean up tools are often available at the head of the virus description page; manual clean up instructions appear near the foot of the virus description page.

Actions for All Users:
* Keep antivirus autoprotection enabled
* Keep antivirus definitions up to date
* Do not open email with unexpected attachments and suspicious subjects, even if from a known user
* Don't forward any email with unexpected attachments and suspicious subjects

Users needing assistance should contact the Help Desk at 863-HELP.
