From some time now, we have been checking the download site of the WORM_BAGLE.DA for changes in the uploaded file. When I checked the main site of the download url, which is http://{blocked}i.ru, I discovered that the site was a website for a LEGITIMATE Russian Company.
The author/s of the Bagle Malware just hacked the website and put the malware file on the http://{blocked}i.ru/img/ as 2.jpg, disguising itself as a jpg file of the legitimate website.
This may have been done by the malware author/s to avoid getting caught, since the site will not be traced to them.
