Over the course of the last hours we’ve been seeing a number of new Bagles massively spammed.
They are detected as Email-Worm.Win32.Bagle.ed-eg.
As before, these Bagles don’t have a functioning emailing routine.
These Bagles are likely to arrive in a .zip archive, with both the archive and the executable having random names.
Some quick info on the most common ones (note that filenames may vary):
File: Loader.exe – Email-Worm.Win32.Bagle.ee
MD5: 7b2f9ddebd027d54e36408c89804afdb
Size: 9728 bytes
File: t_535475.exe – Email-Worm.Win32.Bagle.ef
MD5: 8275444ac2caac4b90bfd07d0b2b17be
Size: 13312 bytes
File: text.exe – Email-Worm.Win32.Bagle.eg
MD5: 18ae7a2fa4dbbf703c3ae157f224186a
Size: 10752 bytes
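Because the archive and executable names are random, matching has to be done on file content. The following is an added example, not part of the original post: it checks the members of a .zip attachment against the three MD5/size pairs listed above. The function name, the 1 MB member cap and the generic "executable-in-zip" verdict are assumptions made for the example.

```python
import hashlib
import io
import zipfile

# MD5 -> (detection name, size in bytes), copied from the list above.
BAGLE_IOCS = {
    "7b2f9ddebd027d54e36408c89804afdb": ("Email-Worm.Win32.Bagle.ee", 9728),
    "8275444ac2caac4b90bfd07d0b2b17be": ("Email-Worm.Win32.Bagle.ef", 13312),
    "18ae7a2fa4dbbf703c3ae157f224186a": ("Email-Worm.Win32.Bagle.eg", 10752),
}
MAX_MEMBER_SIZE = 1024 * 1024  # assumed cap: skip oversized members


def scan_zip_attachment(zip_bytes, iocs=BAGLE_IOCS):
    """Return a list of (member_name, verdict) for members worth flagging.

    Member names are ignored for matching because they are random. The verdict
    is a known detection name when MD5 and size both match, or
    "executable-in-zip" for any other member starting with the PE "MZ" magic.
    """
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable-zip")]
    with archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_SIZE:
                continue
            try:
                data = archive.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                # Encrypted, unsupported compression, or corrupt member.
                findings.append((info.filename, "unreadable-member"))
                continue
            known = iocs.get(hashlib.md5(data).hexdigest())
            if known and known[1] == len(data):
                findings.append((info.filename, known[0]))
            elif data[:2] == b"MZ":
                findings.append((info.filename, "executable-in-zip"))
    return findings
```

Variants not in the list will not match by hash, so the generic verdict for any executable inside a .zip is what catches them.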