-- Update September 12, 2005 --
Multiple new variants of this threat were recently mass spammed. Filenames include 1.cpl
and may arrive in a ZIP file named newprice.zip
, price_09.zip, price
The variants seen thus far are non functional, and deemed a low risk. The first such variant drops a corrupt file (ceeweewe.exe) to the %windir%. The md5 checksums of these new variants are 4fb426de872ee9b20c3312fae3adf018 and a2920da32385932c71ad2e4ed5e3e74e
The corrupt file is detected as W32/Bagle.dam. Detection will be enhanced in the 4580 DAT release to detect and delete these newly discovered damaged variants.
Extra.dat files for W32/Bagle@MM!cpl and W32/Bagle.dam may be downloaded via the Extra.dat request page:
This is a generic detection covering many variants of the W32/Bagle@MM virus when sent in "CPL" format. Since the detection covers many different variants, it is not possible to list specific details. For an example of one such variant, see W32/Bagle.bj@MM