12 hours after Darin's post, I see that the ISC Storm Center has seen it.

"New Bagle Variant

We're receiving early reports of a new Bagle variant making the rounds. At the time of writing, many Antivirus products are not detecting this most recent mutation of the mass mailer. Identifying characteristics include a reference to SMS in the subject line, and ZIP attachments with various names containing an EXE named f22-013.exe with an md5 checksum of 3f123980866092fedd6bc75e9b273087. Our thanks go out to the numerous ISC readers who alerted us to this."

I hunted around our undeliverables and found more than one copy. Each had "SMS" in the subject, e.g. "Is sent SMS" and "The picture is sent on SMS".

Trend Micro detects the executable as Bagle.BB but everyone else who detects it calls it Bagle.BQ or Bagle.Gen (generic). McAfee and Symantec are not detecting it. ClamAV does. F-Prot calls it an errorlevel = 8 security risk called "W32/_newstuff.2".

Each message was 32 KB.

I hope that helps,

Andrew 8)
