Just a heads up…last Dec 1, we saw a lot of the bagle worm being spammed through e-mails. Trend Micro saw to this and has created detection as WORM_BAGLE.GS.

This new bagle has all the techniques that a WORM_BAGLE should have, from the password protected file to a decoy text file to rootkits, to see a more technical analysis please check the malware report that was created here.

I checked the download site again today, and what do you know, it’s still there! It has very minor tweaks in its body just to change the md5 sum in its effort to avoid detection.

Trend Micro customers need not to worry though as we have already created solutions for this particular sample.

Admins might also want to block www.bronko-m.ru, this is the domain of the download URL of WORM_BALGE.GS.