January 22, 2004 - Current Activity

US-CERT has received reports of a new mass-emailing worm, referred to as "W32/Beagle" or "W32/Bagle". It arrives as an attachment to an email with the subject line of "Hi". The attachment is an executable file (.EXE) file with a file name consisting of a random sequence of characters. Upon opening the attachment, the worm scans certain files on the user's system collecting email addresses, then attempts to mail itself to all e-mail addresses it found. The FROM: address is spoofed to hide the identity of the sender. Additionally, the worm opens a port on the user's system (usually port 6777) which permits an attacker to gain access to the system.

US-CERT strongly encourages users to install and maintain anti-virus software. We also encourage users to exercise discretion when opening any email attachment.

You may also wish to visit the US-CERT's computer virus resources page.

US-CERT has received reports of systems being successfully compromised via a remotely exploitable buffer overflow in the DameWare Mini Remote Control management package. This vulnerability is documented in VU#909678. Users are encouraged to upgrade to the newest version of the software from the DameWare site.

If you have additional information about systems compromised using this vulnerability, please send email to cert@cert.org.