New Bagle/Beagle email worms Last Updated 7/25/06 3:20PM
Early Release 4789 DATs and later - W32/Bagle.fb@mm
McAfee has released DAT files 4789 and later to detect and remove the latest varients of W32/Bagle. The new released DAT files have been posted to AV and iSDP website.
CIT has been notified of a new variants of the email virus called W32/Bagle or W32.Beagle circulating on the internet. These variants are mass-mailing worms that harvest email addresses from infected Windows machines and may install a rootkit on Windows machines. These mass-mailing worms have a password protected zip attachment included.
An example email
From: Jane Doe [mailto: DoeJ@myisp.net]
Sent: Tuesday, June 20, 2006 10:53 AM
To: Doe, Jane (NIH/IC)
Subject: Margerye
I love you
Password: (The password is displayed as an embedded .gif file)
Attachment:
The attachment is a password protected .zip file that may appear as a random string of letters as the file name.
McAfee has released a SuperDat to detect and remove the latest variants. Some variants may already be detected as W32/Bagle.dldr.
Symantec has released definitions dated 6/21/06 and later to detect and remove the latest variants.
For more Information:
From McAfee.
From Symantec.
Additional information will be posted as it becomes available.
This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.
