And even more Bagles

20 Sep 2005

minute read

Authors

Yury Mashevsky

As the previous post says, there have been a lot of new Bagle modifications in the last 24 hours. And they’re continuing, either being spammed, or by previous versions downloading updates to themselves from the Internet. All of this frantic activity is aimed at maintaining the network of infected computers, by finding new victim machines, infecting them, and conscripting them into the network.

We’ve intercepted at least 20 new versions, and are now up to Bagle.dh. They are showing no signs of stopping at the moment.

As usual, our antivirus databases have been updated with detection for all the latest variants.

Authors

Yury Mashevsky

And even more Bagles

Latest Posts

Latest Webinars

Reports

In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.

Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups.

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

And even more Bagles

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

The antivirus weather forecast: cloudy

Crimeware: A new round of confrontation begins…

Malware Miscellany, September 2009

Malware Miscellany, December 2008

Malware Miscellany, November 2008

A hack in hand is worth two in the bush

QBot banker delivered through business correspondence

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

Latest Posts

IT threat evolution in Q3 2023. Mobile statistics

IT threat evolution Q3 2023

IT threat evolution in Q3 2023. Non-mobile statistics

Consumer cyberthreats: predictions for 2024

Latest Webinars

Responding to a data breach: a step-by-step guide

2024 Advanced persistent threat predictions

Overview of modern car compromise techniques and methods of protection

2023 APT Landscape Unveiled: Trends, Challenges, Solutions

Reports

HrServ – Previously unknown web shell used in APT attack

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

A cascade of compromise: unveiling Lazarus’ new campaign

How to catch a wild triangle

Subscribe to our weekly e-mails