You must have heard that there are a number of new variants of the long lived WORM_BAGLE. Well, that’s because of UPolyX.UPolyX is not new, in fact its first version UPolyX v0.1 has been around since 2004. By searching through the net, it has four (4) versions in existence.UPolyX is basically a scrambler. It specifically…

From some time now, we have been checking the download site of the WORM_BAGLE.DA for changes in the uploaded file. When I checked the main site of the download url, which is http://{blocked}i.ru, I discovered that the site was a website for a LEGITIMATE Russian Company.The author/s of the Bagle Malware just hacked the website…

Again we are experiencing a storm of TROJ_BAGLES coming in. The attachment of the TROJ_BAGLE being 19_09.exe.As I said in my previous blog we were downloading the files from the urls used by bagle. To my surprise a new sample of the WORM_BAGLE was downloaded in this site http://{blocked}/img/2.jpg! Curiousity kicked in and im in…

A new batch of Mytob link emails is currently spreading. It uses the same technique as the one posted a while back.The link which is found on the emails spread by Mytob downloads a file named Confirmation.pif.This file is actually a Self Extracting Rar archive file containing a malware package.Some files included are the WORM_MYTOB…

Just an additional info for WORM_BAGLE.DA.After the bagle storm yesterday, we were still receiving reports that new bagle variants were being seen. So we decided to again download the links found on the WORM_BAGLE, TROJ_BAGLE and TROJ_DLOADER. I didnt find a new bagle variant, although i’m still downloading from the links, what I found out…