Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bagle/beagle - Several Pre-thanksgiving Variants


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:06:33 AM

Posted 23 November 2005 - 02:24 PM

Several new W32/Bagle downloader variants have been widely spammed to users (November 23, 2005). To date, they are detected as W32/Bagle.gen@MM with the 4635 DATs.

These are downloader trojans. However, like previous Bagle variants, it is likely that in the near future, the author(s) will post an accompanying EXE file on a remote server, which SPAMs new versions of Bagle (not to addresses harvested on the local system, but to addresses specified in spam lists also on remote web servers). This trojan was mass-spammed in a ZIP attachment and uses peoples names as the filenames, for example:

* Edmund.zip
* Elizabeth.zip
* Fraunces.zip
* Grace.zip
* Henrie.zip
* Jeames.zip


F-Secure and McAfee report several new variants and this list could grow. Batten down the hatches.

F-Secure - 6 new variants
http://www.f-secure.com/v-descs/bagle_eo.shtml
http://www.f-secure.com/v-descs/bagle_ep.shtml
http://www.f-secure.com/v-descs/bagle_eq.shtml
http://www.f-secure.com/v-descs/bagle_er.shtml
http://www.f-secure.com/v-descs/bagle_es.shtml
http://www.f-secure.com/v-descs/bagle_et.shtml

McAfee detection information
http://vil.nai.com/vil/content/v_137087.htm
http://secunia.com/virus_information/23961/

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users