New Bagle, new trick
First things first: admins, block HTTP access from your network to endoliteindia.com. We saw a new Bagle run start tonight. As usual, it was started by posting a new, undetected downloader to one of the dozens of URLs the already-infected Bagle machines are constantly polling.
The difference this time is that every four minutes the link returns a different binary. Different size, different MD5. This is accomplished by repacking the same file with ASProtect again and again.
F-Secure: News from the Lab
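Because the repacked file never keeps the same MD5, a hash blocklist will not catch it, but the rotation itself is visible in web proxy logs. The sketch below is an added example, not part of the original post: it flags URLs whose response body changes several times within a short window and lists the internal clients polling them. It assumes a proxy that records a hash of each response body; the log format, hostnames, addresses and digests are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines: time, client IP, URL, body size, body digest.
SAMPLE_LOG = """\
2005-01-01T20:00:05 10.0.0.12 http://dl.example.test/img/1.jpg 18432 md5-aaaa
2005-01-01T20:04:07 10.0.0.40 http://dl.example.test/img/1.jpg 18944 md5-bbbb
2005-01-01T20:08:09 10.0.0.12 http://dl.example.test/img/1.jpg 19210 md5-cccc
2005-01-01T20:12:11 10.0.0.40 http://dl.example.test/img/1.jpg 18775 md5-dddd
2005-01-01T20:01:00 10.0.0.12 http://static.example.test/logo.gif 2048 md5-1111
2005-01-01T20:09:00 10.0.0.33 http://static.example.test/logo.gif 2048 md5-1111
2005-01-01T20:17:00 10.0.0.12 http://static.example.test/logo.gif 2048 md5-1111
2005-01-01T08:00:00 10.0.0.33 http://av.example.test/defs.bin 90112 md5-2222
2005-01-01T20:00:00 10.0.0.33 http://av.example.test/defs.bin 90624 md5-3333
"""

def parse(log):
    """Yield (timestamp, client, url, digest) for each log line."""
    for line in log.strip().splitlines():
        ts, client, url, _size, digest = line.split()
        yield datetime.fromisoformat(ts), client, url, digest

def rotating_urls(log, min_variants=3, window=timedelta(minutes=30)):
    """Return {url: (distinct_digests, clients)} for URLs whose body keeps
    changing: at least min_variants different digests inside one window."""
    hits_by_url = defaultdict(list)
    for ts, client, url, digest in parse(log):
        hits_by_url[url].append((ts, client, digest))

    flagged = {}
    for url, hits in hits_by_url.items():
        hits.sort()
        for i, (start, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            digests = {h[2] for h in in_window}
            if len(digests) >= min_variants:
                clients = sorted({h[1] for h in in_window})
                flagged[url] = (len(digests), clients)
                break
    return flagged

if __name__ == "__main__":
    for url, (variants, clients) in rotating_urls(SAMPLE_LOG).items():
        print(f"{url}: {variants} variants, polled by {', '.join(clients)}")
```

The clients listed for a flagged URL are the machines to check for an existing infection, since the post describes already-infected hosts doing the polling.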