New E-Mail Worm Spreads
Beagle 2, the European Space Agency's Mars explorer, did not have much success with its mission of exploring the surface of the Red Planet. But a new e-mail worm with the same name is apparently having better luck exploring the Internet, according to warnings issued by leading antivirus software companies.
The new worm, known as W32.Beagle and W32.Bagle, appeared on Sunday and spreads by harvesting e-mail addresses from computer hard drives, then mailing copies of itself out to those addresses. It fakes the "from" address on e-mail messages it sends, antivirus companies say.
The worm arrives in an e-mail file attachment with a randomly generated name and EXE extension. E-mail messages containing the worm have the subject "Hi" and a message body that reads: "Test =)" followed by some randomly generated characters and then "Test, yep," says F-Secure of Helsinki.
The worm affects computers running a number of versions of Microsoft's Windows operating system including Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. It is programmed to stop spreading on January 28, 2004, F-Secure says.
Mass-mailing worms are common, and Beagle's suspicious subject line and message body should be enough to keep most users from opening the file attachment and infecting themselves. Also, many companies block e-mail messages that contain EXE file attachments, which would stop the spread of the worm, F-Secure says.
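The two filtering ideas above (the message traits F-Secure describes and a blanket block on EXE attachments) can be sketched as a mail-gateway check. This is an added example, not any vendor's signature or code from the article; the function names, verdict strings and sample messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Body shape from the description: "Test =)", random characters, "Test, yep".
BODY_RE = re.compile(r"Test =\).*?Test, yep", re.DOTALL)

def exe_attachments(msg):
    """Return attachment filenames ending in .exe (case-insensitive)."""
    return [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").strip().lower().endswith(".exe")]

def classify(msg):
    """Return 'quarantine', 'block' or 'deliver' for one parsed message.

    The From header is ignored on purpose: the worm forges it, so it is
    useless as an allow/deny signal.
    """
    exes = exe_attachments(msg)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    subject_hit = (msg["Subject"] or "").strip() == "Hi"
    if exes and subject_hit and BODY_RE.search(body):
        return "quarantine"   # all described traits present
    if exes:
        return "block"        # generic policy: no EXE attachments at all
    return "deliver"

def build(subject, body, attachment=None):
    """Construct a sample message (test data, not a captured sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed-placeholder-bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m

if __name__ == "__main__":
    samples = [
        build("Hi", "Test =)\nkjdfhgksdf\n--\nTest, yep.\n", "qwzkxv.exe"),
        build("Quarterly report", "See attached.", "Setup.EXE"),
        build("Hi", "Lunch today?"),
    ]
    for s in samples:
        print(s["Subject"], "->", classify(s))
```

The generic EXE rule catches the worm even if a later variant changes its subject or body text, which is why the attachment check does not depend on the other two traits.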
However, Beagle appears to be particularly good at harvesting e-mail addresses from its victims and then targeting those addresses with copies of itself, which may account for its spread, the company says.
Assessments of Beagle's threat vary widely. Symantec rates Beagle a Level 2 or "low" threat, meaning that the company considers Beagle "reasonably harmless and containable." F-Secure rates Beagle a "Level 1" threat on its virus radar, its highest alert level, which indicates a worldwide epidemic of a serious new virus such as Nimda, the company says.