New Bagle virus for those late Christmas shoppers

Looks like several new variants of the Bagle virus was spammed out late last night.  These follow that pattern of “zip attachment with downloader that downloads mass-mailer”.  Fun for the whole family.

Here are some vendor listings so far:

Symantec: W32.Beagle.DB@mm, W32.Beagle.DA@mm

McAfee (jeez guys): W32/Bagle.gen!F7B43CAC

Trend Micro:
TROJ_BAGLE.GP
WORM_BAGLE.GP
TROJ_BAGLE.GS
WORM_BAGLE.GY
TROJ_BAGLE.GR

F-Secure Weblog:

Thursday, December 22, 2005

Status update on Bagles	Posted by Sami @ 21:07 GMT

We are up to Bagle.FJ. The count for this evening is already 6. Update version number 2005-12-22_07 is on its way.

The Bagle night continues	Posted by Katrin @ 19:32 GMT

We have now four new Bagle downloaders – all are very similar varianats. We detect them as W32/Bagle.FE, W32/Bagle.FF, W32/Bagle.FG and W32/Bagle.FH. They are detected with the update 2005-12-22_05.

Another Bagle round	Posted by Alexey @ 17:00 GMT

Looks like the guys behind Bagle don’t have a life. Instead of shopping for Christmas they keep creating and spreading new downloaders. We just got a few reports about a new Bagle-related downloader that is now being spammed as a ZIP attachment containing a file named DFC00027.EXE. The mass-mailer that is responsible for this Bagle round was uploaded to one of the websites that are monitored by old Bagle downloaders some time ago. I hope that this round will be as short as the previous one.

Detection for the mass-mailer is already available as Email-Worm.Win32.Bagle.ex. The new downloader will be detected as W32/Bagle.FE with the 2005-12-22_03 updates that are expected shortly.

 

December 23, 2005 - Posted by antivirusguy | Antivirus News, Virus Outbreaks