We found an interesting bagle-related site
that installs a Trojan, detected as TROJ_AGENT.ABT, which downloads and executeBKDR_VIPGSM.C. BKDR_VIPGSM interests us since
it is speculated to be related to the Bagle and only one group made
these malwares. Furthermore, BKDR_VIPGSM.C drops and executes a
file detected as WORM_BAGLE.GEN. (hmmm interesting)
However, upon further investigation, the file detected as
WORM_BAGLE.GEN does not replicate itself. It only had codes similar
to the Bagle worm but does not have a mass mailing routine and is
now detected as as TROJ_HARBAG.B.
There was also an interesting discussion in the KAV
blog that discussed about the possible relations of this
malware to the Bagle worm. Thus, the malwares mentioned above can
be another proof that the speculation can possibly be true.
that installs a Trojan, detected as TROJ_AGENT.ABT, which downloads and executeBKDR_VIPGSM.C. BKDR_VIPGSM interests us since
it is speculated to be related to the Bagle and only one group made
these malwares. Furthermore, BKDR_VIPGSM.C drops and executes a
file detected as WORM_BAGLE.GEN. (hmmm interesting)
However, upon further investigation, the file detected as
WORM_BAGLE.GEN does not replicate itself. It only had codes similar
to the Bagle worm but does not have a mass mailing routine and is
now detected as as TROJ_HARBAG.B.
There was also an interesting discussion in the KAV
blog that discussed about the possible relations of this
malware to the Bagle worm. Thus, the malwares mentioned above can
be another proof that the speculation can possibly be true.
