During past 18 hours we have found 3 different Bagle-related droppers/downloaders. They were spammed to a large amount of people as e-mail attachments named LOADER.EXE, TEXT.EXE and T_535475.EXE. All these droppers contained a differently packed downloader DLL that was programmed to download and run a file from a website (the list of websites is located in the downloader's body).
During past 18 hours we have found 3 different Bagle-related droppers/downloaders. They were spammed to a large amount of people as e-mail attachments named LOADER.EXE, TEXT.EXE and T_535475.EXE. All these droppers contained a differently packed downloader DLL that was programmed to download and run a file from a website (the list of websites is located in the downloader's body).