The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

New Bagle virus for those late Christmas shoppers

Looks like several new variants of the Bagle virus was spammed out late last night.  These follow that pattern of “zip attachment with downloader that downloads mass-mailer”.  Fun for the whole family.

Here are some vendor listings so far:

Symantec: W32.Beagle.DB@mm, W32.Beagle.DA@mm

McAfee (jeez guys): W32/Bagle.gen!F7B43CAC

Trend Micro:

F-Secure Weblog:

Thursday, December 22, 2005

Status update on Bagles Posted by Sami @ 21:07 GMT

We are up to Bagle.FJ. The count for this evening is already 6. Update version number 2005-12-22_07 is on its way.

The Bagle night continues Posted by Katrin @ 19:32 GMT

We have now four new Bagle downloaders – all are very similar varianats. We detect them as W32/Bagle.FE, W32/Bagle.FF, W32/Bagle.FG and W32/Bagle.FH. They are detected with the update 2005-12-22_05.

Another Bagle round Posted by Alexey @ 17:00 GMT

johenLooks like the guys behind Bagle don’t have a life. Instead of shopping for Christmas they keep creating and spreading new downloaders. We just got a few reports about a new Bagle-related downloader that is now being spammed as a ZIP attachment containing a file named DFC00027.EXE. The mass-mailer that is responsible for this Bagle round was uploaded to one of the websites that are monitored by old Bagle downloaders some time ago. I hope that this round will be as short as the previous one.

Detection for the mass-mailer is already available as Email-Worm.Win32.Bagle.ex. The new downloader will be detected as W32/Bagle.FE with the 2005-12-22_03 updates that are expected shortly.



December 23, 2005 - Posted by | Antivirus News, Virus Outbreaks

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: