[Dshield] New Version of I-Worm Bagle.HV

Chris Wright dshield at yaps4u.net
Wed Nov 2 17:00:27 GMT 2005


I've just picked up yet another variant of Bagel that is getting past a lot
of the AV Vendors.
Virustotal is picking it up from a number of vendors, but with differing
results.

AVG have issued two updates today and it still doesn't pick it up.
A couple don't even pick up the variants from yesterday.

It's again on my server (http://www.yaps4u.net/dshield/max.zip)
Password and username as before.

Must be the start of silly season.

Regards

Chris
 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Robert Nelson
> Sent: Wednesday, November 02, 2005 1:02 AM
> To: 'General DShield Discussion List'
> Subject: Re: [Dshield] New Version of I-Worm Bagle.HV
> 
> Norton/Symantec AV definitions for 2005/11/01 detect this as 
> W32.Lodear.A at mm 
> http://securityresponse.symantec.com/avcenter/venc/data/w32.lo
> dear.a at mm.html
> 
> At least one copy of this was seen today where I work . Our 
> dept's newly implemented "zip stripper" automatically removed 
> the Loader.exe file from the attachment.
> 
> Robert
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org]
> On Behalf Of Chris Wright
> Sent: November 1, 2005 2:26 PM
> To: 'General DShield Discussion List'
> Subject: Re: [Dshield] New Version of I-Worm Bagle.HV
> 
> 
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org
> > [mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Wright
> > Sent: Tuesday, November 01, 2005 7:23 PM
> > To: 'General DShield Discussion List'
> > Subject: [Dshield] New Version of I-Worm Bagle.HV
> > 
> 
> For anyone wanting to see the file, I placed a copy on my 
> webserver at http://www.yaps4u.net/dshield/
> 
> Password and Username is dshield.
> 
> Regards
> 
> Chris
> 
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
> 
> _______________________________________________
> send all posts to list at lists.dshield.org To change your 
> subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> 
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
> 
> _______________________________________________
> send all posts to list at lists.dshield.org To change your 
> subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 



More information about the list mailing list