I've seen one sample in the last few minutes. It arrives as jokes.zip, and www.virustotal.com describes the enclosed 123456.exe as:
This is a report processed by VirusTotal on 04/16/2005 at 00:11:32 (CET) after scanning the file "123456.exe" file. Antivirus Version Update Result AntiVir 6.30.0.7 04.15.2005 no virus found AVG 718 04.15.2005 no virus found BitDefender 7.0 04.15.2005 BehavesLike:Win32.SiteHijack ClamAV devel-20050307 04.15.2005 Worm.Bagle.BB DrWeb 4.32b 04.15.2005 Win32.HLLM.Beagle.37888 eTrust-Iris 7.1.194.0 04.15.2005 Win32/Glieder.T!Trojan eTrust-Vet 11.7.0.0 04.15.2005 no virus found Fortinet 2.51 04.15.2005 no virus found F-Prot 3.16b 04.15.2005 no virus found Ikarus 2.32 04.15.2005 Email-Worm.Win32.Bagle.pac Kaspersky 4.0.2.24 04.16.2005 Email-Worm.Win32.Bagle.pac McAfee 4470 04.15.2005 W32/[EMAIL PROTECTED] NOD32v2 1.1064 04.15.2005 Win32/TrojanDownloader.Small.ZL Norman 5.70.10 04.14.2005 W32/Downloader Panda 8.02.00 04.15.2005 W32/Bagle.CA.worm Sybari 7.5.1314 04.15.2005 Troj/BagleDl-N Symantec 8.0 04.15.2005 Trojan.Tooso.F VBA32 3.10.3 04.15.2005 Email-Worm.Win32.Bagle.pac VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En espaņol -------------------------------------------------------------------------------- www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail [EMAIL PROTECTED] Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, April 15, 2005 2:33 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] Another new virus I am getting lots of banned attachment notices and lots of bounces in the last 90 minutes. THANKFULLY, I am blocking zip files which contain executables otherwise these would have all be delivered to users. Any one have an idea of what this one is, it is kind of acting like Bagle. John T eServices For You --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
