07/20/04 : WINDOWS VIRUS ALERT: W32.Beagle.AG@mm on Campus

Posted on July 20, 2004 09:15 AM

NOTE: Certified definitions for Beagle.AG are now available through Symantec Live Update. You may want to run Live Update manually if you aren't sure how your client machines are configured. Please keep in mind that Symantec Antivirus is unable to scan password-protected zip archives, so please just delete them.

Affected OS
* Windows 95
* Windows 98
* Windows Me
* Windows NT
* Windows 2000
* Windows XP

Not Affected OS
* DOS
* Linux
* Macintosh
* OS/2
* UNIX
* Windows 3.x

How Do They Propagate
* Typical mass mailer
* Self-contained SMTP engine so it can send out mail
* Gathers email addresses from infected machines

Risk
* High
* Remote access possible via the backdoor it opens

Impact
* Numerous compromised machines in dorms and departments

Symptoms of Infected Machines
* Backdoor open on 1080/tcp
* High volume of atypical SMTP activity from infected machines
* Instability
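
The two network symptoms above can be checked against flow or firewall logs. The following Python is an added example, not part of the original alert. It assumes a four-field record format (time, source, destination, destination port), a campus range of 10.0.0.0/8, a sanctioned mail relay at 10.0.0.25 and a threshold of three distinct external SMTP destinations, all hypothetical values to replace with local ones.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

CAMPUS = ip_network("10.0.0.0/8")   # assumption: campus address space
MAIL_RELAYS = {"10.0.0.25"}         # assumption: sanctioned SMTP relay
SMTP_DEST_THRESHOLD = 3             # assumption: tune to the local baseline

# Constructed sample flow records: time,src,dst,dport
SAMPLE_FLOWS = """\
09:00:01,10.1.2.3,192.0.2.10,25
09:00:02,10.1.2.3,192.0.2.11,25
09:00:03,10.1.2.3,198.51.100.7,25
09:00:04,10.1.2.3,203.0.113.9,25
09:00:05,203.0.113.50,10.1.2.3,1080
09:00:06,10.0.0.25,192.0.2.10,25
09:00:07,10.0.0.25,192.0.2.11,25
09:00:08,10.0.0.25,198.51.100.7,25
09:00:09,10.4.4.4,192.0.2.10,25
09:00:10,10.5.5.5,10.6.6.6,80
"""

def flag_hosts(flow_text, threshold=SMTP_DEST_THRESHOLD):
    """Return {campus_host: sorted reasons} for hosts showing the alert's symptoms."""
    smtp_dests = defaultdict(set)   # campus host -> external SMTP servers contacted
    reasons = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 4:
            continue                # skip blank or malformed records
        _time, src, dst, dport = row
        src_in = ip_address(src) in CAMPUS
        dst_in = ip_address(dst) in CAMPUS
        # Symptom: traffic reaching 1080/tcp on a campus host
        if dport == "1080" and dst_in:
            reasons[dst].add("inbound 1080/tcp")
        # Symptom: SMTP sent straight off campus, bypassing the relay
        if dport == "25" and src_in and not dst_in and src not in MAIL_RELAYS:
            smtp_dests[src].add(dst)
    for host, dests in smtp_dests.items():
        if len(dests) >= threshold:
            reasons[host].add(f"direct SMTP to {len(dests)} external hosts")
    return {host: sorted(why) for host, why in reasons.items()}

if __name__ == "__main__":
    for host, why in flag_hosts(SAMPLE_FLOWS).items():
        print(host, "->", "; ".join(why))
```

A host that matches both checks is a stronger candidate for a CIRT ticket than one that matches only the SMTP threshold, since a legitimate departmental mail server can also send directly.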

Remediation for Infected Users
* Use removal tool available from Symantec for download at
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@mm.removal.tool.html

* CIRT tickets will be filed for detected infected machines.
* Vulnerability scans will be performed before a machine is unfiltered.

Actions for All Users
* Verify that Symantec Antivirus definitions are up to date (7/19/2004 rev. 48)
* Verify that File System Realtime Protection is enabled (i.e. gold shield in system tray)

Handling
* All users who need assistance should contact the Help Desk at 863-HELP.