Possible New Bagle

We have just received a possible new BAGLE that is currently spreading:
The TMIRT Honeypot has already received 15 incidents in 30 minutes.
Initial sample from the TMIRT Honeypot received on: November 23, 2005, 09:56 PM (GMT +0800).
MessageLabs has already reported 1389 copies in 10 minutes.
Initial report received on: 5:55 AM.
Major AV Detections:

  • FileName : 1.zip/1.exe_
  • TrendMicro : NO_VIRUS
  • MailTrap : PAK_Generic.001
  • Symantec : NO_VIRUS
  • Kaspersky : NO_VIRUS
  • McAfee : NO_VIRUS
  • Sophos : NO_VIRUS
  • Panda : NO_VIRUS
  • Alwil : NO_VIRUS
  • GeCAD (RAV): NO_VIRUS
  • CAI : NO_VIRUS
  • CAV : NO_VIRUS
  • Ikarus : NO_VIRUS
  • Ad-Aware : NO_VIRUS
  • PestPatrol : NO_VIRUS
  • CleanerPro : NO_VIRUS
  • Size : 9,219 bytes

Major AV Descriptions: (Based on Main AV Sites)

  • Trend: None
  • Symantec: None
  • McAfee: None
  • Kaspersky: None
  • Sophos: None
  • F-Secure: None

Possible subjects used are:

  • Ales
  • Alyce
  • Androwe
  • Ann
  • Anthonie
  • Anthonye
  • Bennet
  • Bennett
  • Daniel
  • Delivery Status Notification (Failure)
  • Edmund
  • Edward
  • Edwarde
  • Elizabeth
  • Ellen
  • Emanuel
  • Emanuell
  • Frances
  • Fraunces
  • Grace
  • Henrie
  • Henrye
  • Hughe
  • Isabell
  • Jane
  • Jeames
  • Johen
  • John
  • Judith
  • Katherine
  • Katheryne
  • Margarett
  • Margrett
  • Marie
  • Michael
  • Mychaell
  • Nathaniel
  • Nicholas
  • Peter
  • Robert
  • Roberte
  • Roger
  • Rose
  • Samuell
  • Sindony
  • Sybyll
  • Valentyne
  • Wynefrede
  • Wynnefreede

Watch this page and the Advisories section for further updates.

Update (Chachi, 23 November 2005 23:05:33)

This will be detected as TROJ_BAGLE.AH.