WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
February 17, 2004
Intruder Alert 3.6 W32_Beagle_B_Worm Policy

This policy detects the propagation of the W32.Beagle.B Worm.

W32.Beagle.B@mm is a mass-mailing worm that opens a backdoor on TCP port 8866.

Download ITA W32_Beagle_B_Worm Policy

NOTE: The "Beagle_B_File_Detected" rule only works if the instructions for configuration for Filewatch monitoring have been implemented. These instructions are outlined below.

Affected Platforms

Windows NT/2000/2003/XP

Description

This policy detects changes in the registry associated with the W32.Beagle.B Worm.

Policy Rules include:

  • Beagle_B_Worm_Activity
    This rule detects the changes in the registry associated with the W32.Beagle B Worm.

  • Beagle_B_File_Detected
    This rule detects the creation of files associated with infection of the W32.Beagle.B worm.

ITA Filewatch Configuration Instructions

  1. Browse to the system folder where the ITA agent is installed.

  2. Locate the ntcrit_S.lst file.

  3. Insert the following file to be monitored:

    #windir\system32\au.exe


Last modified on: Wednesday, 18-Feb-04 04:15:10
Site Map · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2009 Symantec Corporation