[ news_security_news ]
New Flavors Of Bagles
John Stith
Staff Writer
2005-12-23
 Insider Reports RSS Feed
It would seem new variants on the ever-popular Bagle are running around. The folks at Finnish security company, F-Secure, said they've picked up on a Bagle-related downloader and a number of variants floating around the Internet.
The mass-mailer was used to distribute Bagle files previously and the second level downloader is active again. According to F-Secure's blog, they detected the mass-mailer variant as W32/Bagle.FC@mm. It sends out ZIP archives with a new downloader detected as Bagle.FB in the most recent updates. That was on Tuesday.
On Thursday, they ">commented on more flavors of Bagles appearing:
Looks like the guys behind Bagle don't have a life. Instead of shopping for Christmas they keep creating and spreading new downloaders. We just got a few reports about a new Bagle-related downloader that is now being spammed as a ZIP attachment containing a file named DFC00027.EXE. The mass-mailer that is responsible for this Bagle round was uploaded to one of the websites that are monitored by old Bagle downloaders some time ago. I hope that this round will be as short as the previous one.
Detection for the mass-mailer is already available as Email-Worm.Win32.Bagle.ex. The new downloader will be detected as W32/Bagle.FE with the 2005-12-22_03 updates that are expected shortly.
They also commented more variations were showing up throughout Thursday evening. The variants included Bagle.FE, Bagle.FF, Bagle.FG, Bagle.FH, Bagle.FI and Bagle.FJ. This was as of late Thursday night.
It's just another nice little present from hackers. Merry Christmas.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
