NEWS FROM THE LAB - Wednesday, November 2, 2005

Three new Bagle-related downloaders spammed lately
Posted by Alexey @ 10:29 GMT

During the past 18 hours we have found 3 different Bagle-related droppers/downloaders. They were spammed to a large number of people as e-mail attachments named LOADER.EXE, TEXT.EXE and T_535475.EXE. All of these droppers contained a differently packed downloader DLL that was programmed to download and run a file from a website (the list of websites is located in the downloader's body).

We have added detection for these droppers and downloaders as Bagle.EE, Bagle.EF and Bagle.EG.