We just received a new possible BAGLE
currently spreading around:
TMIRT Honeypot already received 12 incidents in 30 minutes.
Initial Sample from TMIRT Honeypot received on: November 23, 2005
09:56 PM +0800 GMT.
MessageLabs already reported 1389 copies in 10 minutes.
Initial report received on: 5:55 AM.
Possible Subjects used are:
Do hold on for more updates in this page and in the Advisories
section.
currently spreading around:
TMIRT Honeypot already received 12 incidents in 30 minutes.
Initial Sample from TMIRT Honeypot received on: November 23, 2005
09:56 PM +0800 GMT.
MessageLabs already reported 1389 copies in 10 minutes.
Initial report received on: 5:55 AM.
Possible Subjects used are:
- Ales
- Alyce
- Androwe
- Ann
- Anthonie
- Anthonye
- Bennet
- Bennett
- Daniel
- Delivery Status Notification (Failure)
- Edmund
- Edward
- Edwarde
- Elizabeth
- Ellen
- Emanuel
- Emanuell
- Frances
- Fraunces
- Grace
- Henrie
- Henrye
- Hughe
- Isabell
- Jane
- Jeames
- Johen
- John
- Judith
- Katherine
- Katheryne
- Margarett
- Margrett
- Marie
- Michael
- Mychaell
- Nathaniel
- Nicholas
- Peter
- Robert
- Roberte
- Roger
- Rose
- Samuell
- Sindony
- Sybyll
- Valentyne
- Wynefrede
- Wynnefreede
Do hold on for more updates in this page and in the Advisories
section.
Update (Chachi, 23 November 2005 23:05:33)
This will be detected as TROJ_BAGLE.AH
Update (Chachi, 24 November 2005 07:08:47)
After continuously monitoring the download
links from the trojan sample, we were able to acquire a sample of
the file it tries to download (z.php; 20KB). The extracted
executable file was confirmed to be another bagle variant (19,961
bytes [unzipped]).
This has been submitted to the service team for processing.
links from the trojan sample, we were able to acquire a sample of
the file it tries to download (z.php; 20KB). The extracted
executable file was confirmed to be another bagle variant (19,961
bytes [unzipped]).
This has been submitted to the service team for processing.