Yet More Beagle Droppings!
Beagle is back and with three new presents for us, yes three new Beagle droppings for unwary users to step in and spread round the ‘net when they get infected.
MessageLabs has allegedly already intercepted over 70,000 copies since the emergence of this new variant at 12:00 GMT on Tuesday.
So what do we know so far?
The samples that I’ve seen so far typically have a blank subject and no viewable body text.

The attachments I’ve seen so far include:
1.zip through to 9.zip
Work.zip
Each of these contains one of the following:
19_04_2005.exe
20_04_2005.exe
01_05_2005.exe
02_05_2005.exe
03_05_2005.exe
16_05_2005.exe
These new variants drop a Trojan which attempts to download malware from a long list of URLs that are contained in the code.
Windows users who launch the attachment, unzip it and then run the executable file contained within have infected their system [yes, there are people out there who will carry out all these tasks just to infect themselves]. The next step for the malware is to harvest any email addresses it can find on the infected system’s hard drive. To complete its list of chores the malware then sends itself to each and every email address it managed to harvest from the infected computer.
It appears that at this time these three new variants are all the same, except that each one has been packed/compressed with different tools to try and slip past virus scanners.
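Because the variants differ only in packing, a mail-gateway check keyed on the message traits listed above (blank subject, no body text, the zip names, a dated .exe inside) does not depend on a scanner signature. The following is an added example, not part of the original post; the function names and the sample message are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names reported in the post: 1.zip .. 9.zip and Work.zip
ZIP_NAME = re.compile(r"^(?:[1-9]|work)\.zip$", re.IGNORECASE)
# Archive members reported in the post: DD_MM_YYYY.exe (e.g. 19_04_2005.exe)
MEMBER_NAME = re.compile(r"^\d{2}_\d{2}_\d{4}\.exe$", re.IGNORECASE)

def score_message(raw: bytes) -> list[str]:
    """Return the indicators from the post that this raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("blank-subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("empty-body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not ZIP_NAME.match(name):
            continue
        hits.append(f"zip-name:{name}")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                for member in zf.namelist():
                    # Compare the base name so nested folders do not hide it
                    if MEMBER_NAME.match(member.rsplit("/", 1)[-1]):
                        hits.append(f"member:{member}")
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")  # malformed archive: hold for review
    return hits

def build_sample(zip_name: str, member: str, subject: str = "") -> bytes:
    """Constructed test message; the 'exe' is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    if subject:
        msg["Subject"] = subject
    msg.set_content("\n")  # body part present but with no visible text
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(score_message(build_sample("3.zip", "19_04_2005.exe")))
```

A message matching all four traits is a strong candidate for quarantine; a single trait, such as an empty body, is common in legitimate mail and should only contribute to a score.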
Links:
The Register
F-Secure Lab Weblog
F-Secure Description
I’ll try and post more when the dust has settled a little.
Looks like there may be another 3 variants out there…..oh joy!

