Origins: Beagle.Q is a variant of the Beagle mass-mailing worm that affects only Microsoft NT or Windows-based systems. It does not replicate through the usual method of sending itself out as an e-mail attachment — it replicates by sending out "carrier" messages with spoofed return addresses, then exploiting a vulnerability in the Microsoft Outlook mail client to download itself from remote servers when recipients open those messages.
The subject line of a Beagle.Q carrier message could be any one of the following:
Re: Document
Encrypted document
Fax Message Received
Forum notify
Re: Hello
Re: Hi
Hidden message
Re: Incoming Fax
Incoming message
Re: Incoming Message
Re: Msg reply
Protected message
RE: Protected message
Request response
Site changes
RE: Text message
Re: Thank you!
Re: Thanks :)
Re: Yahoo!
The bodies of Beagle.Q carrier messages contain no text.
The vulnerability exploited by Beagle.Q was (supposedly) fixed by a Microsoft security patch released in October 2003.
A disinfection tool for the Bagle/Beagle worm is available on the Sophos anti-virus site.
