SANS ISC: InfoSec Handlers Diary Blog - New Beagle variant InfoSec Handlers Diary Blog

New Beagle variant

Published: 2005-09-12
Last Updated: 2005-09-12 21:56:33 UTC
by Kevin Hong (Version: 3)
We've received several emails from our readers regarding the new Beagle variant. It looks like the new Bagle variant is in the wild. Here is a little more information. If you have any other new variant, please let us know.

Subject : No Subject
Contents : new price or price
Attached file : (12490) or (12498)
           : c3954e35d8b9b3a63d42c5718ed1624d
           : c16ddcef3b01f1ec46750f7a1991ee91
More file names : (,,,
Inside of zip file : 1.cpl (14340) or price.cpl (14340)
                     1.cpl (4fb426de872ee9b20c3312fae3adf018)
                     price.cpl (951053055f16d331a42475c209803430)

A few AV scanners detect it, using various labels for it:
AntiVir 09.12.2005 DR/Bagle.P
Avast 4.6.695.0 09.12.2005 Win32:Beagle-DP
AVG 718 09.12.2005 I-Worm/Bagle.EP
Avira 09.12.2005 DR/Bagle.P
CAT-QuickHeal 8.00 09.12.2005 I-Worm.Bagle.cs
ClamAV devel-20050725 09.12.2005 Worm.Bagle.BB-gen
DrWeb 4.32b 09.12.2005 Win32.HLLM.Beagle.18848
F-Prot 3.16c 09.12.2005 security risk named W32/Mitglieder.FB
Kaspersky 09.12.2005 Email-Worm.Win32.Bagle.cs
Norman 5.70.10 09.12.2005 W32/Bagle.CS
Panda 8.02.00 09.12.2005 W32/Bagle.EI.worm
Sophos 3.97.0 09.12.2005 Troj/Dropper-BB
TheHacker 09.12.2005 W32/Bagle.cs
(excerpt from results provided by

Kevin Hong  - khong at
Handler on Duty