Virus Alert: W32.Beagle.A (Jan. 19, 2004)

Windows "W32.Beagle.A@mm" worm reported on campus (01/19/04)

W32.Beagle.A@mm, a Windows virus, has been reported at Cornell. W32.Beagle.A@mm infects computers running Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. Computers running Macintosh, Linux, or Unix are not affected.

You may have received worm-infected messages from people you know at Cornell. Even CIT-Alert-L fell victim. That does not necessarily mean the sender's computer is infected. This worm, like many others, mails itself to any e-mail address it finds.

On Jan. 19, PureMessage (the virus-blocking software on CIT's mail system) was updated and is now blocking messages containing this worm.

Variants:

Beagle.E, Feb. 28
Beagle.J, March 2

What to Watch For

W32.Beagle.A@mm is contained in an e-mail attachment. The subject of the message is "Hi" and the attachment is a random name followed by .exe.

Do not open the attached file. If launched, W32.Beagle.A@mm will infect the computer and attempt to mail itself to any address found in wab, .htm, .html and .txt files.

Detailed description (from Symantec)

How to Avoid It

Update your Symantec AntiVirus software and perform a complete system scan. W32.Beagle.A@mm is detected by Symantec AntiVirus software that has been updated to the Jan. 18, 2004, virus definition file, or a newer file.

To update, run Symantec AntiVirus and choose Live Update. Or download the file via Bear Access (Virus Protection folder) or from Symantec's download site. Cornell University has signed a site license with Symantec to provide Symantec AntiVirus (SAV) to the entire campus community. The license allows SAV to be used on all university-owned computers, home computers of staff and faculty, and computers owned by registered students.

Also see CIT's tips for making Eudora more resistant to viruses/worms.

How to Get Rid of It

Symantec has provided instructions for removing this worm. If you need additional assistance, please contact the CIT Contact Center (HelpDesk) at 255-8990 or helpdesk@cornell.edu.

Last modified: June 04, 2007