
Fresh Bagles ahead

Costin Raiu
Kaspersky Lab Expert
Posted May 31, 15:37  GMT
Tags: Bagle

Two new Bagle variants have been spotted today. Both are 36352 bytes in size and are very similar in operation; the second looks like a repack of the first, made to avoid detection. Both work through a downloader component, which connects to a set of websites and attempts to fetch a file. As usually happens with Sober, the author may choose to upload a trojan with unexpected effects to the "update" URLs. We are currently monitoring them for any changes.

Below are the MD5 hashes for these two new variants:

(Email-Worm.Win32.Bagle.bo)

f4271a7bd37b7502ecab0ec2964d87c6 - first sample
71379e8529c54c80ead31f5499e3406b - second sample

We released detection for the most recent version at 18:59.

[update] A description for Bagle.bo is now available in the Virus Encyclopedia.
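The size and hashes given above can drive a quick file sweep. The following is an added example, not Kaspersky Lab code: it reports files matching the published MD5s and, separately, files that are exactly 36352 bytes with an unknown hash, on the assumption that a further repack may keep the same size. A size-only hit is a triage hint, not a detection, and the function names are illustrative.

```python
import hashlib
import os

# Values published in the post above.
BAGLE_BO_SIZE = 36352
BAGLE_BO_MD5 = {
    "f4271a7bd37b7502ecab0ec2964d87c6": "first sample",
    "71379e8529c54c80ead31f5499e3406b": "second sample",
}

def md5_of(path, chunk=65536):
    """Return the hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def sweep(root, known=BAGLE_BO_MD5, size=BAGLE_BO_SIZE):
    """Walk root and return (path, verdict) for every file of the given size.

    verdict is the sample label on an MD5 match, otherwise "size-only":
    same length but unknown hash (assumption: a repack may keep the size).
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # The cheap size check runs first so only candidates get hashed.
                if os.path.islink(path) or os.path.getsize(path) != size:
                    continue
                digest = md5_of(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
            hits.append((path, known.get(digest, "size-only")))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    for path, verdict in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:13} {path}")
```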

