ITSD Computing and Communications Services News
September, 2004
 

The New Worm on the Cyber Scene

The Beagle.AQ worm, which surfaced last month, exemplifies the latest in cyber threats. It is yet another variant of the prolific Beagle worm family that attacks Windows systems. Although many copies of Beagle.AQ were sent to Lab users before the virus wall vendor provided the necessary updates to the Lab's virus wall administrators, not a single user opened the attachment! Lab users deserve considerable credit for stopping the spread of this worm.

Shortly after Beagle.AQ surfaced, the Lab's virus wall administrators implemented another virus wall as a second line of defense. A major benefit is that if one virus wall vendor is slow in distributing an update, the Lab may still be able to get a timely update from the other.

This worm arrives as a message with "foto" as the subject and an attachment named "foto.zip". The indicated sender's address is falsified in an attempt to get the recipient to open the attachment. If the recipient opens the attachment on a Windows system that does not have updated anti-virus software, Beagle.AQ infects the system. Beagle makes Registry modifications, attempts to hide itself from firewall and anti-virus software that has not been updated, and creates both a back door (to allow unauthorized remote access) and a mail engine.