Beagle.U/Bagle.u was discovered earlier today (as in, during the night)
and has been increased to a medium/level 3 threat this morning due to
There are currently beta virus definitions which I am installing now on
the central virus servers. These definitions will push out to desktop
machines with on-campus SAV throughout the morning, but because they're
beta defs you will not be able to force on-campus SAV to update via Live
There are no stand-alone removal tools to detect/protect against Beagle.U
at the desktop leve but the UVM email gateway is detecting it.
Beagle.U arrives in mail messages containing the following
From: (spoofed - using one of the harvested email addresses)
Attachment: randomly named executable, with a .EXE extension
The worm does not mail itself to addresses containing the following:
The worm also opens TCP port 4751 and sends information to
http://www.werde.de. I have asked Network Services to block outgoing to
traffic to the URL and to the TCP port if possible.
I will update this list when stand-alone tools become available.
Questions or problems regarding Beagle.U should be directed to CIT
Helpline at [log in to unmask] or 6-2604.