
New virus (price.cpl - Bagle variant) and current Virus-To..

 
Virus Guy

External


Since: Aug 05, 2005
Posts: 424



(Msg. 1) Posted: Mon Sep 12, 2005 10:47 pm
Post subject: New virus (price.cpl - Bagle variant) and current Virus-Total results
Archived from groups: alt>comp>anti-virus, others

This came in via e-mail today. Got past Symantec Corporate AV running
on our server.

I ran this through Virus Total earlier today (about 8-10 hours ago)
and I think only 6 AV programs identified it. Many more are doing so
now.

The file (price2.zip) was attached to an e-mail with no subject. The
file unzips to price.cpl (a control panel extension) with a time-stamp
of Tuesday Sept 13 12:24:24 am. size = 14340 bytes.

The only interesting bit of readable text inside it is "open
\gfgdgfddfgdfgwe.exe".

Anyways, here are the virus total results. I'll check again in a week
and see how the various vendors are doing with this one.

---------------

Scanned Sept 12 / 10pm EST:

BitDefender 7.0 09.02.2005 no virus found
CAT-QuickHeal 8.00 09.12.2005 no virus found
eTrust-Iris 7.1.194.0 09.13.2005 no virus found
eTrust-Vet 11.9.1.0 09.12.2005 no virus found
Ikarus 0.2.59.0 09.12.2005 no virus found
McAfee 4579 09.12.2005 no virus found
VBA32 3.10.4 09.12.2005 no virus found
The Cleaner v3843 09.12.2005 no virus found
Fortinet 2.41.0.0 09.07.2005 suspicious


ClamAV devel-20050725 09.13.2005 Worm.Bagle.BB-gen
DrWeb 4.32b 09.12.2005 Win32.HLLM.Beagle.12288
AntiVir 6.31.1.0 09.12.2005 DR/Bagle.P
Avast 4.6.695.0 09.12.2005 Win32:Mitglieder-BK
AVG 718 09.12.2005 I-Worm/Bagle.EQ
Avira 6.31.1.0 09.12.2005 DR/Bagle.P
F-Prot 3.16c 09.13.2005 security risk named W32/Mitglieder.FB
Kaspersky 4.0.2.24 09.13.2005 Email-Worm.Win32.Bagle.cs
NOD32v2 1.1214 09.12.2005 Win32/Bagle.BI
Norman 5.70.10 09.12.2005 W32/Bagle.CS
Panda 8.02.00 09.12.2005 W32/Bagle.EK.worm
Sophos 3.97.0 09.13.2005 Troj/Dropper-BC
Symantec 8.0 09.13.2005 Trojan.Tooso.N
TheHacker 5.8.2.105 09.12.2005 W32/Bagle.cs

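A signature-independent check for the delivery method described in the first post (an executable .cpl inside a ZIP attachment), as an added example that is not part of the original thread: it lists archive members by extension, flags encrypted members, and descends into nested ZIPs. The extension list, limits and function names are assumptions, and the sample archives are constructed from harmless placeholder bytes.

```python
import io
import zipfile

# Extensions Windows will execute or load as code; .cpl is a Control Panel
# extension (a DLL). Illustrative list chosen for this example, not exhaustive.
RISKY_EXT = {".cpl", ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta", ".dll"}
MAX_DEPTH = 3             # assumed limit on nested-archive depth
MAX_MEMBER = 10 * 2**20   # skip nested archives whose declared size exceeds 10 MiB


def scan_zip(data, depth=0, prefix=""):
    """Return a list of (member_path, reason) findings for a ZIP given as bytes."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a valid zip")]
    for info in zf.infolist():
        path = prefix + info.filename
        # Windows ignores trailing dots and spaces, so strip them before matching.
        name = info.filename.lower().rstrip(". ")
        ext = name[name.rfind("."):] if "." in name else ""
        encrypted = bool(info.flag_bits & 0x1)
        if encrypted:
            findings.append((path, "encrypted member, content cannot be scanned"))
        if ext in RISKY_EXT:
            findings.append((path, "executable extension " + ext))
        elif ext == ".zip" and not encrypted:
            if depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER:
                findings.append((path, "nested archive too deep or too large"))
            else:
                findings += scan_zip(zf.read(info), depth + 1, path + "!")
    return findings


def build_sample():
    """Constructed input: harmless bytes named like the attachment in the post."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("price.cpl", b"placeholder, not a real binary")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("price2.zip", inner.getvalue())
    return inner.getvalue(), outer.getvalue()


if __name__ == "__main__":
    direct, nested = build_sample()
    for label, blob in (("price2.zip", direct), ("wrapped.zip", nested)):
        print(label, scan_zip(blob))
```

A policy check like this does not depend on definition updates, which is the gap the scan results in the post illustrate.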
Virus Guy

External


Since: Aug 05, 2005
Posts: 424



(Msg. 2) Posted: Tue Sep 13, 2005 9:35 pm
Post subject: Re: New virus (price.cpl - Bagle variant) and current Virus-Total
Archived from groups: per prev. post

What's in a Name? wrote:

> Hey Virus Guy-I would like to test one of my systems with a live
> specimen. Have AVG/eTrust/Anti-Vir/BitDefender/ClamWin installed.
> Can you send me a copy? maxpro4u@neoDOTrrDotcom (remove the DOTs).
> -max

Look for it.

kurt wismer

External


Since: Jul 04, 2003
Posts: 1566



(Msg. 3) Posted: Wed Sep 14, 2005 7:37 am
Post subject: Re: New virus (price.cpl - Bagle variant) and current Virus-Total
Archived from groups: per prev. post

What's in a Name? wrote:
[snip]
> Hey Virus Guy-I would like to test one of my systems with a live
> specimen. Have AVG/eTrust/Anti-Vir/BitDefender/ClamWin installed. Can
> you send me a copy? maxpro4u@neoDOTrrDotcom (remove the DOTs).

in other words, you want him to send samples to people he doesn't know
he can trust and potentially contribute to the virus problem rather than
the solution...

go troll for viruses elsewhere, please...

--
"they threw a rope around yer neck to watch you dance the jig of death
then left ya for the starvin' crows, hoverin' like hungry whores
one flew down plucked out yer eye, the other he had in his sights
ya snarled at him, said leave me be - i need the bugger so i can see"
Roger Wilco

External


Since: Nov 26, 2004
Posts: 389



(Msg. 4) Posted: Wed Sep 14, 2005 11:01 am
Post subject: Re: New virus (price.cpl - Bagle variant) and current Virus-Total results
Archived from groups: per prev. post

"What's in a Name?" <maxpro4u RemoveThis @nomail.afraid.org> wrote in message
news:Xns96D1588736014maxpro4unomailafraid@204.153.244.170...

> I guess he trusts me. By the way, all the AV's caught it and AVG was
> the first one to go "off".

In what order did you install them? I would expect the last installed to
be the first in line to scan on access and be the first to alert unless
some feature such as e-mail scanning was enabled. Being the first to 'go
off' really means very little when multiple AVs are enabled for on-access
scanning and the feature set and configuration varies so much between
programs.
kurt wismer

External


Since: Jul 04, 2003
Posts: 1566



(Msg. 5) Posted: Wed Sep 14, 2005 7:49 pm
Post subject: Re: New virus (price.cpl - Bagle variant) and current Virus-Total
Archived from groups: per prev. post

David H. Lipman wrote:
> From: "kurt wismer" <kurtw.DeleteThis@sympatico.ca>
> | in other words, you want him to send samples to people he doesn't know
> | he can trust and potentially contribute to the virus problem rather than
> | the solution...
> |
> | go troll for viruses elsewhere, please...
>
> Max has been around for a "long time" and can be trusted. He is not Trolling to add to a
> collection.

that doesn't mean he can be trusted... raid was around for a long time,
would you trust him?

if there was a pre-existing relationship of trust between max and virus
guy then he could have made that request in private... arguably he
should have made the request in private so as to not lend credence to
the idea that this is a place where people share viruses...

and frankly, if the only issue was whether or not he was going to add it
to a collection then it would be a non-issue - i don't care what people
collect or how big their collections are... the issue is trust - in
motives and in competency... can virus guy be adequately certain that
max doesn't have nefarious motives and/or that max is competent to
handle live samples safely? i seriously suspect the answer is no (i also
suspect that virus guy could care less, but that's another matter
entirely)...

--
"they threw a rope around yer neck to watch you dance the jig of death
then left ya for the starvin' crows, hoverin' like hungry whores
one flew down plucked out yer eye, the other he had in his sights
ya snarled at him, said leave me be - i need the bugger so i can see"
kurt wismer

External


Since: Jul 04, 2003
Posts: 1566



(Msg. 6) Posted: Thu Sep 15, 2005 11:10 pm
Post subject: Re: New virus (price.cpl - Bagle variant) and current Virus-Total
Archived from groups: per prev. post

What's in a Name? wrote:
[snip]
> As I said I just wanted to test my setup with a live subject because
> I only tested with a test file.

which (after 'educational purposes') is one of the more popular reasons
given...

--
"they threw a rope around yer neck to watch you dance the jig of death
then left ya for the starvin' crows, hoverin' like hungry whores
one flew down plucked out yer eye, the other he had in his sights
ya snarled at him, said leave me be - i need the bugger so i can see"
kurt wismer

External


Since: Jul 04, 2003
Posts: 1566



(Msg. 7) Posted: Sat Sep 17, 2005 12:55 am
Post subject: Re: New virus (price.cpl - Bagle variant) and current Virus-Total results
Archived from groups: per prev. post

Virus Guy wrote:
[snip]
> When I become the last source on the internet for virus samples, come
> back and bark at me some more.

providing virus samples carelessly is like littering - every little bit
counts...

--
"they threw a rope around yer neck to watch you dance the jig of death
then left ya for the starvin' crows, hoverin' like hungry whores
one flew down plucked out yer eye, the other he had in his sights
ya snarled at him, said leave me be - i need the bugger so i can see"
Virus Guy

External


Since: Aug 05, 2005
Posts: 424



(Msg. 8) Posted: Sat Sep 17, 2005 10:21 am
Post subject: Re: New virus (price.cpl - Bagle variant) and current Virus-Total results
Archived from groups: per prev. post

kurt wismer wrote:

> providing virus samples carelessly is like littering

Providing virus samples carelessly would be attaching viral files to a
usenet post in these NG's. Zipped and PW-protected if necessary (with
PW in plain view).

Why are you so hung up about this?
Virus Guy

External


Since: Aug 05, 2005
Posts: 424



(Msg. 9) Posted: Sat Sep 17, 2005 10:31 am
Post subject: New virus (price.cpl - Bagle variant) and current Virus-Total results
Archived from groups: per prev. post

> Scanned Sept 12 / 10pm EST:
>
> BitDefender 7.0 09.02.2005 no virus found
> CAT-QuickHeal 8.00 09.12.2005 no virus found
> eTrust-Iris 7.1.194.0 09.13.2005 no virus found
> eTrust-Vet 11.9.1.0 09.12.2005 no virus found
> Ikarus 0.2.59.0 09.12.2005 no virus found
> McAfee 4579 09.12.2005 no virus found
> VBA32 3.10.4 09.12.2005 no virus found
> The Cleaner v3843 09.12.2005 no virus found
> Fortinet 2.41.0.0 09.07.2005 suspicious

Scanned Sept 17:

All are now identifying it as either Bagle, Mitglieder, Dropper, or
Tooso, except the following:

Fortinet 2.41.0.0 09.07.2005 suspicious

Even The Cleaner (def'n date Sept 16) is identifying it as Bagle.
kurt wismer

External


Since: Jul 04, 2003
Posts: 1566



(Msg. 10) Posted: Sat Sep 17, 2005 12:29 pm
Post subject: Re: New virus (price.cpl - Bagle variant) and current Virus-Total results
Archived from groups: per prev. post

Virus Guy wrote:
> kurt wismer wrote:
>
>>providing virus samples carelessly is like littering
>
> Providing virus samples carelessly would be attaching viral files to a
> usenet post in these NG's.

no, that's just *another* way of providing them carelessly... there's a
broad range of carelessness and both your actions and this fall into
that category...

[snip]
> Why are you so hung up about this?

because the virus problem is as much a social problem as it is a
technological problem... and i always get hung up on people being part
of the problem...

--
"they threw a rope around yer neck to watch you dance the jig of death
then left ya for the starvin' crows, hoverin' like hungry whores
one flew down plucked out yer eye, the other he had in his sights
ya snarled at him, said leave me be - i need the bugger so i can see"