New Bagle virus for those late Christmas shoppers
Looks like several new variants of the Bagle virus were spammed out late last night. These follow that pattern of “zip attachment with downloader that downloads mass-mailer”. Fun for the whole family.
Here are some vendor listings so far:
Symantec: W32.Beagle.DB@mm, W32.Beagle.DA@mm
McAfee (jeez guys): W32/Bagle.gen!F7B43CAC
Trend Micro: TROJ_BAGLE.GP, WORM_BAGLE.GP, TROJ_BAGLE.GS, WORM_BAGLE.GY, TROJ_BAGLE.GR
F-Secure Weblog:
Thursday, December 22, 2005
Status update on Bagles | Posted by Sami @ 21:07 GMT
We are up to Bagle.FJ. The count for this evening is already 6. Update version number 2005-12-22_07 is on its way.
The Bagle night continues | Posted by Katrin @ 19:32 GMT
We have now four new Bagle downloaders – all are very similar variants. We detect them as W32/Bagle.FE, W32/Bagle.FF, W32/Bagle.FG and W32/Bagle.FH. They are detected with the update 2005-12-22_05.
Another Bagle round | Posted by Alexey @ 17:00 GMT
Looks like the guys behind Bagle don’t have a life. Instead of shopping for Christmas they keep creating and spreading new downloaders. We just got a few reports about a new Bagle-related downloader that is now being spammed as a ZIP attachment containing a file named DFC00027.EXE. The mass-mailer that is responsible for this Bagle round was uploaded to one of the websites that are monitored by old Bagle downloaders some time ago. I hope that this round will be as short as the previous one.
Detection for the mass-mailer is already available as Email-Worm.Win32.Bagle.ex. The new downloader will be detected as W32/Bagle.FE with the 2005-12-22_03 updates that are expected shortly.