p2p news / p2pnet: Admins, block http access from your network to endoliteindia.com, warns F-Secure.

Why? It’s a hacked web server in India.

“We saw a new Bagle run start tonight,” says the company blog. “As usual, it was started by posting a new, undetected downloader to one of the dozens of URLs the already-infected Bagle machines are constantly polling.

“The difference this time is that every four minutes the link returns a different binary. Different size, different MD5. This is accomplished by repacking the same file with ASProtect again and again.

“endoliteindia.com”.

F-Secure says it was detecting these as W32/Bagle.GI, and the contents keep changing, and by way of an update, “At around 19:45 GMT, the download link died,” says the post.

Also See:
blog – New Bagle, new trick, March 30, 2006

This entry was posted on Friday, March 31st, 2006 at 1:20 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 2757 times