Beagle 2, the European Space Agency's Mars explorer, did not have much success with its mission of exploring the surface of the Red Planet. But a new email worm with the same name is apparently having better luck exploring the internet, according to warnings issued by leading antivirus software companies.
The new worm, known as W32.Beagle and W32.Bagle, appeared on Sunday (US time) and spreads by harvesting email addresses from computer hard drives, then mailing copies of itself out to those addresses, faking the "from" address on email messages it sends, antivirus companies say.
The worm arrives in an email file attachment with a randomly generated name and EXE extension. Email messages containing the worm have the subject "Hi" and a message body that reads: "Test =)" followed by some randomly generated characters and then "Test, yep," says F-Secure of Helsinki.
The worm affects computers running a number of versions of Microsoft's Windows operating system including Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. It is programmed to stop spreading on January 28, 2004, F-Secure says.
Mass mailing worms are common and Beagle's suspicious subject line and message body should be enough to keep most users from opening the file attachment and infecting themselves. Also, many companies block email messages that contain EXE file attachments, which would stop the spread of the worm, F-Secure says.
However, Beagle appears to be particularly good at harvesting email addresses from its victims and then targeting those addresses with copies of itself, which may account for its spread, the company says.
Assessments of Beagle's threat vary widely. Symantec rates Beagle a Level 2 or "low" threat, meaning that the company considers Beagle "reasonably harmless and containable." F-Secure says Beagle was a "Level 1" threat on its virus radar, the highest level alert indicating a worldwide epidemic of a serious new virus such as Nimda, the company says.