NEWS FROM THE LAB - Sunday, February 29, 2004

They never stop, do they? Posted by Mikko @ 19:11 GMT

Two new Bagle variants have been spotted. Again. Seems to be a busy weekend.

Apparently at least one of the new variants sometimes sends ZIP archives encrypted with a password - and mentions the password in the message body. The ZIP itself is variable, as the EXE inside has a random part in it. The virus tries to bypass detection of gateway / server scanners this way. Workstation products should have no problems in detecting the EXE once it is decrypted.

However, the new variants don't seem widespread at all. We should know more by Monday.