Yes, a new Bagle and MyTob are out. See:
http://isc.sans.org/diary.php?date=2005-05-31
http://www.viruslist.com/en/weblog

My current F-Prot *.def is detecting this as a suspicious file (return code = 8); I've only seen two that were caught by Declude Virus, but it could be quite a few more caught as spam. When I run F-Prot on them manually, they are detected as "W32/[EMAIL PROTECTED]".

That's interesting, because I thought that Mitglieder and MyTob were the same; maybe there's only one new virus but in the form of a dropper and a payload? I remember something a few weeks back (maybe in the Kaspersky diary?) that mentioned that some virus programmer had essentially used "plug n play" code to mix and match one delivery agent with another payload in one viral executable.

I haven't seen any of the new MyTob yet, but for more detailed info:

WORM_MyTob.BI
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2EBI&VSect=P

Andrew 8)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, May 31, 2005 8:00 AM
To: [email protected]
Subject: [Declude.Virus] New virus out?

One of the servers I manage is getting hit with lots of messages being caught with banned exe within zip.

They are coming from different IPs

John T
eServices For You

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
