SANS ISC InfoSec Handlers Diary Blog

New Beagle variant

Published: 2005-09-12
Last Updated: 2005-09-12 21:56:33 UTC
by Kevin Hong (Version: 3)
We've received several emails from our readers regarding the new Beagle variant. It looks like the new Bagle variant is in the wild. Here is a little more information. If you have any other new variant, please let us know.

Subject : No Subject
Contents : new price or price
Attached file : new_price.zip (12490) or price.zip (12498)
                    new_price.zip : c3954e35d8b9b3a63d42c5718ed1624d
                    price.zip : c16ddcef3b01f1ec46750f7a1991ee91
                    More file names :  (new_prize.zip, price2.zip, newprice.zip, proce_09.zip).
Inside of zip file : 1.cpl (14340) or price.cpl (14340)
                        1.cpl (4fb426de872ee9b20c3312fae3adf018)
                         price.cpl (951053055f16d331a42475c209803430)

A few AV scanners detect it, using various labels for it:
AntiVir 6.31.1.0 09.12.2005 DR/Bagle.P
Avast 4.6.695.0 09.12.2005 Win32:Beagle-DP
AVG 718 09.12.2005 I-Worm/Bagle.EP
Avira 6.31.1.0 09.12.2005 DR/Bagle.P
CAT-QuickHeal 8.00 09.12.2005 I-Worm.Bagle.cs
ClamAV devel-20050725 09.12.2005 Worm.Bagle.BB-gen
DrWeb 4.32b 09.12.2005 Win32.HLLM.Beagle.18848
F-Prot 3.16c 09.12.2005 security risk named W32/Mitglieder.FB
Kaspersky 4.0.2.24 09.12.2005 Email-Worm.Win32.Bagle.cs
Norman 5.70.10 09.12.2005 W32/Bagle.CS
Panda 8.02.00 09.12.2005 W32/Bagle.EI.worm
Sophos 3.97.0 09.12.2005 Troj/Dropper-BB
TheHacker 5.8.2.104 09.12.2005 W32/Bagle.cs
(excerpt from results provided by Virustotal.com)


Kevin Hong  - khong at kisa.or.kr
Handler on Duty
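
The indicators listed above can be checked against a mail attachment as follows. This is an added example, not code from the diary or from SANS ISC; the function names, the 1 MB hashing limit and the rule that any .cpl member of a mailed zip is worth flagging are assumptions, and the sample archive is constructed.

```python
import hashlib
import io
import zipfile

# Indicators copied from the diary entry above.
ZIP_NAMES = {"new_price.zip", "price.zip", "new_prize.zip", "price2.zip",
             "newprice.zip", "proce_09.zip"}
ZIP_MD5 = {"c3954e35d8b9b3a63d42c5718ed1624d", "c16ddcef3b01f1ec46750f7a1991ee91"}
CPL_MD5 = {"4fb426de872ee9b20c3312fae3adf018", "951053055f16d331a42475c209803430"}
MAX_HASH_SIZE = 1_000_000  # assumption: do not unpack members larger than this


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def triage_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an e-mail attachment matches the diary's indicators."""
    reasons = []
    if filename.lower() in ZIP_NAMES:
        reasons.append("attachment name listed in diary")
    if md5_hex(data) in ZIP_MD5:
        reasons.append("archive MD5 listed in diary")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons  # not a readable zip: only the name and hash checks apply
    with archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith(".cpl"):
                continue
            # Assumption: a Control Panel applet inside a mailed zip is suspicious.
            reasons.append(f"contains .cpl member {info.filename} ({info.file_size} bytes)")
            if info.flag_bits & 0x1 or info.file_size > MAX_HASH_SIZE:
                reasons.append(f"{info.filename} not hashed (encrypted or too large)")
                continue
            if md5_hex(archive.read(info)) in CPL_MD5:
                reasons.append(f"{info.filename} MD5 listed in diary")
    return reasons


def constructed_sample() -> bytes:
    """Build a harmless zip (constructed sample) that mimics the naming only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("price.cpl", b"harmless placeholder bytes")
    return buf.getvalue()
```

A name-only match is a weak signal, since file names are trivially changed; a hash match on the archive or on the .cpl member is the strong one.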