Research

Yesterday’s Bagles – how dangerous are they?

Yesterday was hot with two new Bagles let loose. The worms were mailed using spam methods in one of the largest mass mailings this year. I hope that the weekend will mean the outbreak will calm down.

The third Bagle we saw yesterday was almost identical to the first two, except for a mistake in the code: it can’t send copies over email. We put this variant in with Bagle.au, but may re-name it Bagle.av.

It is hard to see the difference between a mass-mailing and a real epidemic, so different AV companies gave the new Bagles different danger levels. We chose to stay at ‘medium risk’, for instance.

This incident confirms my idea that the Age of Worms is over. The new Bagles made news during the initial mass mailing, when they used zombie machines infected by Trojans.

The danger today is from botnets, not worms, and we are very concerned about this.

Yesterday’s Bagles – how dangerous are they?

Your email address will not be published.

 

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox