Virus name: Beagle.J (aka Bagle.J)
Example: [Collected on the Internet, 2004]
Dear user of Snopes.com, We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and Please, read the attach for further details. Have a good day, |
Origins: Beagle.J is a variant of the Beagle mass-mailing worm that affects only
- management@aol.com
- administration@aol.com
- staff@aol.com
- noreply@aol.com
- support@aol.com
The message itself is assembled from a variety of phrases and sentences. The subject line of a Beagle-infected message can be any one of the following:
- E-mail account disabling warning.
- E-mail account security warning.
- Email account utilization warning.
- Important notify about your e-mail account.
- Notify about using the e-mail account.
- Notify about your e-mail account utilization.
- Warning about your e-mail account.
The introductory line of the message can be any of the following, customized with the recipient's domain name (we use 'aol.com' as an example of a domain name throughout these listings):
- Dear user of aol.com,
- Dear user of aol.com gateway e-mail server,
- Dear user of e-mail server "aol.com",
- Hello user of aol.com e-mail server,
- Dear user of "aol.com" mailing system,
- Dear user, the management of aol.com mailing system wants to let you know that,
The first paragraph of the message can be any one of the following:
- Your e-mail account has been temporary disabled because of unauthorized access.
- Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.
- Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.
- We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and
e-mail account safe, please, follow the instructions. - Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.
- Some of our clients complained about the spam (negative
e-mail content) outgoing from youre-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
The concluding line of the message can be any one of the following:
- For more information see the attached file.
- Further details can be obtained from attached file.
- Advanced details can be found in attached file.
- For details see the attach.
- For details see the attached file.
- For further details see the attach.
- Please, read the attach for further details.
- Pay attention on attached file.
The message can be signed off with any of the following lines:
- The Management,
- Sincerely,
- Best wishes,
- Have a good day,
- Cheers,
- Kind regards,
The message will include a copy of the Beagle worm in a .zip or .pif attachment bearing one of the following filenames:
- Attach
- Information
- Readme
- Document
- Info
- TextDocument
- TextFile
- MoreInfo
- Message
Symantec's web site offers a
Additional Information:
 | W32.Beagle.J@mm (Symantec) |
| | W32/Bagle.j@MM (McAfee) |
| | WORM_BAGLE.J (Trend Micro) |
Last updated: 27 January 2008