Virus Characteristics: 
This is a mass-mailing worm with a remote access component. The worm arrives in an 
email message with the following characteristics:
From: (address may be forged)
Subject: Hi
Body: 
Test =)
(random characters)
--
Test, yep.

Attachment: (random filename) 15,872 bytes 
example: 
frjujs.exe
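
The message traits listed above, expressed as a mail-gateway check. This is an added example, not part of the original advisory; the function names, the sample addresses and the "attachment plus one text marker" threshold are assumptions, and the sample attachment is constructed filler bytes.

```python
import email
from email.message import EmailMessage

ATTACHMENT_SIZE = 15872  # bytes, as stated in the advisory


def score_message(raw_bytes):
    """Return the sorted advisory traits (subject, body, attachment) that match."""
    msg = email.message_from_bytes(raw_bytes)
    hits = set()
    if (msg.get("Subject") or "").strip() == "Hi":
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        if name:
            # The filename is random, so match on extension and exact size only.
            if name.lower().endswith(".exe") and len(payload) == ATTACHMENT_SIZE:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            text = payload.decode("latin-1")
            if "Test =)" in text and "Test, yep." in text:
                hits.add("body")
    return sorted(hits)


def is_suspect(raw_bytes):
    # Assumed policy: the attachment trait plus at least one text trait.
    hits = score_message(raw_bytes)
    return "attachment" in hits and len(hits) >= 2


def build_sample(subject, body, filename, size):
    """Constructed test message; the attachment is zero bytes, not malware."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Because the From address may be forged, the check deliberately ignores the sender.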
When the attachment is run, the virus checks the system date. If the date is January 
28, 2004 or later, the virus simply exits and does not propagate. Otherwise, the 
virus executes the standard Windows calculator program CALC.EXE. Meanwhile, the virus 
copies itself to the WINDOWS SYSTEM directory (%SysDir%) as bbeagle.exe, and creates 
a registry key to load itself at system startup.



Method Of Infection 
Manually executing an infected email attachment infects the local system, which is 
then used to email the virus to others.


Symptoms 
System listening on TCP port 6777 
Presence of the file bbeagle.exe in the WINDOWS SYSTEM directory 
For more information please check:
http://vil.nai.com/vil/content/v_100965.htm


