Open Source and information security mailing list archives
Message-ID: <405AF009.32419.B64A470@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: New Virus under way ...

"Richard" <guruban@...b.co.za> wrote:

> Looks to be the latest in the Bagle / Beagle family. Symantec have got it
> as the W32.Beagle.O@mm, discovered March 18 10:00

Yes -- there is huge naming confusion with the Bagles. This is partly because of similarities between some Bagle variants and some of the Mitglieder proxy Trojans and some vendors choosing Bagle variant slots for what are "really" Mitglieders. It's also partly due to some vendors not reporting as the same variant what are really the same variants packed with different runtime decompressors.

However, the rash of new Bagle variants "last night" (for me) allowed us to synchronize variant names at Bagle.R (unfortunately Symantec and perhaps a few others had already named what most now have as Bagle.Q, so there may be a small amount of confusion over that variant).

Also note that the forms of the Email messages sent by Bagle.Q, .R, .S & .T are identical, as these messages do not carry a copy of the virus. Which variant the victim actually gets depends on what the machine at the IP in the victim's message is serving up when the victim's browser goes asking.

Regards,

Nick FitzGerald