lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: New Virus under way ...

"Richard" <guruban@...b.co.za> wrote:

> Looks to be the latest in the Bagle / Beagle family. Symantec have got it
> as the W32.Beagle.O@mm, discovered March 18 10:00

Yes -- there is huge naming confusion with the Bagles.

This is partly because of similarities between some Bagle variants and 
some of the Mitglieder proxy Trojans and some vendors choosing Bagle 
variant slots for what are "really" Mitglieders.  It's also partly due 
to some vendors not reporting as the  same variant what are really the 
same variants packed with different runtime decompressors.

However, the rash of new Bagle variants "last night" (for me) allowed 
us to synchronize variant names at Bagle.R (unfortunately Symantec and 
perhaps a few others had already named what most now have as Bagle.Q, 
so there may be a small amount of confusion over that variant).  Also 
note that the forms of the Email messsages sent by Bagle.Q, .R, .S & .T 
are identical, as these messages do not carry a copy of the virus.  
Which variant the victim actually gets depends on what the machine at 
the IP in the victim's message is serving up when the victim's browser 
goes asking.


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ