This is a report processed by VirusTotal on 05/31/2005 at 17:52:48 (CET) after scanning the file "8.zip" file.

Antivirus    Version         Update      Result
AntiVir      6.30.0.15       05.31.2005  TR/Dldr.Bagle.BR
AVG          718             05.31.2005  no virus found
Avira        6.30.0.15       05.31.2005  TR/Dldr.Bagle.BR
BitDefender  7.0             05.31.2005  [EMAIL PROTECTED]
ClamAV       devel-20050501  05.31.2005  Worm.Bagle.BB-gen
DrWeb        4.32b           05.31.2005  Win32.HLLM.Beagle.36352
eTrust-Iris  7.1.194.0       05.31.2005  no virus found
eTrust-Vet   11.9.1.0        05.31.2005  no virus found
Fortinet     2.27.0.0        05.31.2005  W32/Mitglieder.CD.gen-tr
Ikarus       2.32            05.31.2005  no virus found
Kaspersky    4.0.2.24        05.31.2005  Email-Worm.Win32.Bagle.bo
McAfee       4502            05.30.2005  no virus found
NOD32v2      1.1116          05.31.2005  probably unknown NewHeur_PE virus
Norman       5.70.10         05.30.2005  W32/Downloader
Panda        8.02.00         05.31.2005  Suspect File
Sybari       7.5.1314        05.31.2005  Email-Worm.Win32.Bagle.bo
Symantec     8.0             05.30.2005  Trojan.Tooso.B
VBA32        3.10.3          05.31.2005  suspected of Worm.Bagle.3

----- Original Message -----
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
To: <Declude.Virus@declude.com>
Sent: Tuesday, May 31, 2005 6:39 PM
Subject: RE: [Declude.Virus] New virus out?

Yes, a new Bagle and MyTob are out. See:

http://isc.sans.org/diary.php?date=2005-05-31
http://www.viruslist.com/en/weblog

My current F-Prot *.def is detecting this as a suspicious file (return code = 8); I've only seen two that were caught by Declude Virus, but it could be quite a few more caught as spam.

When I run F-Prot on them manually, they are detected as "W32/[EMAIL PROTECTED]".

That's interesting, because I thought that Mitglieder and MyTob were the same; maybe there's only one new virus but in the form of a dropper and a payload? I remember something a few weeks back (maybe in the Kaspersky diary?) that mentioned that some virus programmer had essentially used "plug n play" code to mix and match one delivery agent with another payload in one viral executable.

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.