Title: Message
Thanks for the info.
I've seen some of these "SMS" subject lines in the virus log (while searching for kitten.zip):
 
06/26/2005 22:37:03 Q11e3167a00d2c413 Scanner 2: Virus=W32/Bagle.dldr Attachment= [42] I
06/26/2005 22:37:22 Q1200168000d2c41c Scanned: Virus Free [Prescan OK][MIME: 3 19716]
06/26/2005 22:37:24 Q11e3167a00d2c413 Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 2 21646]
06/26/2005 22:37:24 Q11e3167a00d2c413 From: [Forged] To: [Hidden] [incoming from 71.97.144.45]
06/26/2005 22:37:24 Q11e3167a00d2c413 Subject: Is sent SMS
 
This was yesterday evening (06/26/2005 22:37:24 GMT+1).
Scanner 2 is McAfee and, following the logfiles, it's called "Bagle.dldr".
Scanner 1 (F-Prot) caught it 2 hours later with errorlevel 8.
 
Markus
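
Added example, not part of Markus's message and not Declude's own code: the log excerpt above interleaves two messages, so this sketch groups the lines by queue ID and reports which infected message carried an "SMS" subject. The line layout (date, time, queue ID, event text) is an assumption inferred only from the five lines quoted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The five log lines quoted in the message above, copied verbatim.
SAMPLE_LOG = """\
06/26/2005 22:37:03 Q11e3167a00d2c413 Scanner 2: Virus=W32/Bagle.dldr Attachment= [42] I
06/26/2005 22:37:22 Q1200168000d2c41c Scanned: Virus Free [Prescan OK][MIME: 3 19716]
06/26/2005 22:37:24 Q11e3167a00d2c413 Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 2 21646]
06/26/2005 22:37:24 Q11e3167a00d2c413 From: [Forged] To: [Hidden] [incoming from 71.97.144.45]
06/26/2005 22:37:24 Q11e3167a00d2c413 Subject: Is sent SMS
"""

# Assumed layout, inferred from the sample only: date, time, queue ID, event text.
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9a-f]+) (.*)$")
VIRUS_RE = re.compile(r"^Scanner (\d+): Virus=(\S+)")
SOURCE_RE = re.compile(r"\[incoming from ([0-9.]+)\]")


def correlate(log_text):
    """Group interleaved log lines by queue ID into one record per message."""
    messages = defaultdict(lambda: {"infected": False, "detections": [],
                                    "subject": None, "source_ip": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that does not fit the assumed layout
        _stamp, qid, event = m.groups()
        rec = messages[qid]
        hit = VIRUS_RE.match(event)
        if hit:
            rec["detections"].append((int(hit.group(1)), hit.group(2)))
        elif event.startswith("Scanned: CONTAINS A VIRUS"):
            rec["infected"] = True
        elif event.startswith("Subject: "):
            rec["subject"] = event[len("Subject: "):]
        else:
            src = SOURCE_RE.search(event)
            if src:
                rec["source_ip"] = src.group(1)
    return dict(messages)


def sms_subject_hits(messages):
    """Queue IDs of infected messages whose subject mentions SMS."""
    return sorted(q for q, r in messages.items()
                  if r["infected"] and r["subject"]
                  and re.search(r"\bSMS\b", r["subject"]))


if __name__ == "__main__":
    for qid, rec in correlate(SAMPLE_LOG).items():
        print(qid, rec)
```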
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Monday, June 27, 2005 8:14 AM
To: [email protected]
Subject: RE: [Declude.Virus] FYI - new virus as yet unidentified

12 hours after Darin's post, I see that the ISC Storm Center has seen it.
 
 

"New Bagle Variant

We're receiving early reports of a new Bagle variant making the rounds. At the time of writing, many Antivirus products are not detecting this most recent mutation of the mass mailer. Identifying characteristics include a reference to SMS in the subject line, and ZIP attachments with various names containing an EXE named f22-013.exe with an md5 checksum of 3f123980866092fedd6bc75e9b273087. Our thanks go out to the numerous ISC readers who alerted us to this."
 
I hunted around our undeliverables and found more than one copy.  Each had "SMS" in the subject, e.g. "Is sent SMS" and "The picture is sent on SMS".
 
Trend Micro detects the executable as Bagle.BB but everyone else who detects it calls it Bagle.BQ or Bagle.Gen (generic).  McAfee and Symantec are not detecting it.  ClamAV does.  F-Prot calls it an errorlevel = 8 security risk called "W32/_newstuff.2".
 
Each message was 32 KB.
 
I hope that helps,
 
Andrew 8)
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Sunday, June 26, 2005 11:33 AM
To: [email protected]
Subject: [Declude.Virus] FYI - new virus as yet unidentified

Don't know what it is yet, but the attached file was named kitten.zip containing an unencrypted EXE.

Darin.
 
 
