SANS ISC: InfoSec Handlers Diary Blog

URGENT: New version of Beagle hitting

Published: 2004-10-28
Last Updated: 2004-10-29 13:31:41 UTC
by Deborah Hale (Version: 1)

There appears to be a new Beagle on the loose. According to the information on Symantec's Security Response page, it opens a backdoor on port 81. It creates a file with a variant of the name wingo in the executable name, adds a wingo.exe entry under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, and attempts to disable anti-virus and security software and block the websites.

Lenny will continue to update in the next diary.
Deb Hale
Handler on Duty
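
A triage check for the indicators named above, as an added example that is not part of the original diary: it scans saved `reg query` output for the HKCU Run key and saved `netstat -an` output for a value containing wingo and a listener on TCP port 81. The sample outputs, file paths and function names are constructed for illustration.

```python
import re

BACKDOOR_PORT = 81      # backdoor port named in the diary
NAME_MARKER = "wingo"   # file-name fragment named in the diary

# Constructed sample of `reg query` output for the HKCU Run key (not real data).
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    wingo.exe    REG_SZ    C:\WINDOWS\system32\wingo.exe
"""

# Constructed sample of `netstat -an` output (not real data).
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:81             0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1045          192.0.2.10:8100        ESTABLISHED
  TCP    10.0.0.5:1046          192.0.2.11:81          ESTABLISHED
"""

def suspicious_run_values(reg_output):
    """Return (name, data) Run values whose name or data contains the marker."""
    hits = []
    for line in reg_output.splitlines():
        # Value lines are indented: <name> <REG_type> <data>
        m = re.match(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$", line)
        if m and NAME_MARKER in (m.group(1) + m.group(3)).lower():
            hits.append((m.group(1), m.group(3)))
    return hits

def listeners_on_port(netstat_output, port=BACKDOOR_PORT):
    """Return local addresses in LISTENING state on the given TCP port."""
    hits = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            # Compare the exact local port so 8100 or a remote :81 is not flagged.
            if fields[1].rsplit(":", 1)[-1] == str(port):
                hits.append(fields[1])
    return hits

if __name__ == "__main__":
    for name, data in suspicious_run_values(SAMPLE_REG):
        print(f"Run value matches '{NAME_MARKER}': {name} -> {data}")
    for addr in listeners_on_port(SAMPLE_NETSTAT):
        print(f"Listener on TCP port {BACKDOOR_PORT}: {addr}")
```

A listener on port 81 alone is not conclusive, since other software can use that port; treat it as a lead to correlate with the Run key finding.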