Virus name:   Beagle.Q (aka Bagle.Q)


Status:   Real.

Origins:   Beagle.Q is a variant of the Beagle mass-mailing worm that affects only Microsoft NT or Windows-based systems. It does not replicate through the usual method of sending itself out as an e-mail attachment — it replicates by sending out “carrier” messages with spoofed return addresses, then exploiting a vulnerability in the Microsoft Outlook mail client to download itself from remote servers when recipients open those messages.

The subject line of a Beagle.Q carrier message could be any one of the following:


  • Re: Document

  • Encrypted document

  • Fax Message Received

  • Forum notify

  • Re: Hello

  • Re: Hi

  • Hidden message

  • Re: Incoming Fax

  • Incoming message

  • Re: Incoming Message

  • Re: Msg reply

  • Protected message

  • RE: Protected message

  • Request response

  • Site changes

  • RE: Text message

  • Re: Thank you!

  • Re: Thanks 🙂

  • Re: Yahoo!

The bodies of Beagle.Q carrier messages contain no text.

The vulnerability exploited by Beagle.Q was (supposedly) fixed by a Microsoft security patch released in October 2003.

A disinfection tool for the Bagle/Beagle worm is available on the Sophos anti-virus site.

Additional Information:



  W32/Bagle-Q W32/Bagle-Q (Sophos)

Last updated:   25 January 2008