New Bagle/Beagle email worms Last Updated 7/25/06 3:20PM

Early Release 4789 DATs and later - W32/Bagle.fb@mm

McAfee has released DAT files 4789 and later to detect and remove the latest varients of W32/Bagle. The new released DAT files have been posted to AV and iSDP website.

CIT has been notified of a new variants of the email virus called W32/Bagle or W32.Beagle circulating on the internet. These variants are mass-mailing worms that harvest email addresses from infected Windows machines and may install a rootkit on Windows machines. These mass-mailing worms have a password protected zip attachment included.

An example email

From: Jane Doe [mailto: DoeJ@myisp.net]
Sent: Tuesday, June 20, 2006 10:53 AM
To: Doe, Jane (NIH/IC)
Subject: Margerye

I love you
Password: (The password is displayed as an embedded .gif file)

Attachment:

The attachment is a password protected .zip file that may appear as a random string of letters as the file name.

McAfee has released a SuperDat to detect and remove the latest variants. Some variants may alreeady be detected as W32/Bagle.dldr.

Symantec has released definitions dated 6/21/06 and later to detect and remove the latest variants.

For more Information:

http://vil.nai.com/vil/content/v_139997.htm from McAfee.

http://vil.nai.com/vil/content/v_129512.htm from McAfee.

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ff@mm.html from Symantec.

Additional information will be posted as it becomes available.

This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.