I hadn't until last night, Markus. But now I've got 35 copies from different sources, all flagged by F-Prot as suspicious files. F-Prot detects the executable inside a zip file as a Mitglieder variant, and submitting it to http://www.VirusTotal.com shows that all the big name vendors there are detecting it as either a Bagle variant or Mitglieder.
Notably absent is Trend Micro, which I tested on my desktop. Nope, TrendMicro doesn't detect it at all. [pause] Actually I'm seeing multiple versions, at least two of which TrendMicro doesn't catch, but F-Prot caught all of them as 'suspicious'.

Also, it's pretty clear that the text of the message is a template, and that template was used to send the nuisance message I reported in the Sniffer forum a week ago.

Andrew 8)

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
> Sent: Thursday, August 11, 2005 11:49 PM
> To: [email protected]
> Subject: RE: [Declude.Virus] Expect new Bagle variants
>
> > It looks as though the Bagle author is back from his vacation. Today
> > we've detected several new variants (actually old variants which have
> > been repacked) and they are still coming in.
>
> I can see some "unknown virus" detections in the last 24 hours.
>
> Markus
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
