Three new Bagle-related downloaders

During past 18 hours we have found 3 different Bagle-related droppers/downloaders. They were spammed to a large amount of people as e-mail attachments named LOADER.EXE, TEXT.EXE and T_535475.EXE. All these droppers contained a differently packed downloader DLL that was programmed to download and run a file from a website (the list of websites is located in the downloader's body). We have added detection for these droppers and downloaders as Bagle.EE, Bagle.EF and Bagle.EG. F-Secure : News from the Lab

Linked by shanmuga Wednesday, 2nd November 2005 5:49AM