 |
|
|
|
|
F-Secure Virus Descriptions : Bagle.BI
[Summary] | [Detection]
|
|
THIS VIRUS IS RANKED AS LEVEL 2 ALERT UNDER
F-SECURE RADAR.
Radar Alert LEVEL 2
|
| NAME: | Bagle.BI |
| ALIAS: | W32/Bagle.BI, Email-Worm.Win32.Bagle.cy |
This Bagle downloader appeared on September 19th, 2005.
The infected emails always contain a 35kB file called "text.exe"
inside an archive with names like newprice.zip, price_09.zip or price2.zip.
It is quite similar to earlier Bagle variants Bagle.BY and Bagle.CR:
http://www.f-secure.com/v-descs/bagle_by.shtml
http://www.f-secure.com/v-descs/bagle_cr.shtml
This variant has a different set of download URLs and it executes
Notepad as a decoy.
F-Secure Anti-Virus detects this malware starting from the
following update:
[FSAV_Database_Version]
Version=2005-09-19_04
Writeup:
Alexey Podrezov, September 19th, 2005;
F-Secure Corporation
|
|
|
|
|
|
