NEWS FROM THE LAB - Tuesday, December 20, 2005

Oh no, more Bagles... Posted by Alexey @ 12:01 GMT

We have received reports about a Bagle-related downloader being posted on one of the sites, that were used for distribution of Bagle files in the past. This is the second level downloader that just downloads one file and runs it. The downloaded file is a minor variant of the previous Bagle mass-mailer, we detect it as W32/Bagle.FC@mm. The mass-mailer sends out ZIP archives with a new Bagle-related downloader that we detect as Bagle.FB in the latest updates.