Fact Check

Beagle.Q Virus

Information about the 'Beagle.Q' worm.

David Mikkelson

Published Mar 19, 2004

Virus name:   Beagle.Q (aka Bagle.Q)


Status:   Real.

Origins:   Beagle.Q is a variant of the Beagle mass-mailing worm that affects only Microsoft NT or Windows-based systems. It does not replicate through the usual method of sending itself out as an e-mail attachment — it replicates by sending out "carrier" messages with spoofed return addresses, then exploiting a vulnerability in the Microsoft Outlook mail client to download itself from remote servers when recipients open those messages.

The subject line of a Beagle.Q carrier message could be any one of the following:


  • Re: Document

  • Encrypted document

  • Fax Message Received

  • Forum notify

  • Re: Hello

  • Re: Hi

  • Hidden message

  • Re: Incoming Fax

  • Incoming message

  • Re: Incoming Message

  • Re: Msg reply

  • Protected message

  • RE: Protected message

  • Request response

  • Site changes

  • RE: Text message

  • Re: Thank you!

  • Re: Thanks :)

  • Re: Yahoo!

The bodies of Beagle.Q carrier messages contain no text.

The vulnerability exploited by Beagle.Q was (supposedly) fixed by a Microsoft security patch released in October 2003.

A disinfection tool for the Bagle/Beagle worm is available on the Sophos anti-virus site.

Additional Information:



  W32/Bagle-Q W32/Bagle-Q (Sophos)

Last updated:   25 January 2008

 

By David Mikkelson

David Mikkelson founded the site now known as snopes.com back in 1994.

Read More

Become
a Member

Your membership is the foundation of our sustainability and resilience.

Perks

Ad-Free Browsing on Snopes.com
Members-Only Newsletter
Cancel Anytime
$50.00 per year
$12.50 every 3 months
$5.00 per month
Choose your membership, or see other ways to help
default