For all of those who have virus updates set to once a day, I would recommend running a manual update.
I received a new version of the I-Worm/Bagle.HV which was not initially detected by AVG. After performing a manual update it did download a High Priority update which did pick it up.
In my case, the email arrived with the To: address set to chris.a.wright@unilever.com.
Now the unilever.com part of it is faked, as were most of the headers, but the IP address I traced back to a PC which has been responsible for other attacks recently.
It also came within a zip file called Health_and_knowledge.zip and contained an executable loader.exe.
Below is the output from VirusTotal which, as you will see, shows that not all of the AV vendors are catching it right now.
Also, there is a link to their site at the end of the report. If you ever receive a suspicious file and you are not sure, then you can upload it to their site and it will run a virus check using a number of AV vendors. Whilst it is not 100% accurate, it gives you more confidence than none. But even if it comes back safe and you do not recognise the sender, ditch the file or send it to your AV vendor to have it checked. In fact, if you receive any sort of attachment from someone you don’t know, BIN IT!!
| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.32.0.6 | 11.01.2005 | TR/Bagle.DO |
| Avast | 4.6.695.0 | 10.31.2005 | no virus found |
| AVG | 718 | 11.01.2005 | identified I-Worm/Bagle.HV |
| Avira | 6.32.0.6 | 11.01.2005 | TR/Bagle.DO |
| BitDefender | 7.2 | 11.01.2005 | Trojan.Downloader.Bagle.D |
| CAT-QuickHeal | 8.00 | 11.01.2005 | I-Worm.Generic.87C4 |
| ClamAV | devel-20050917 | 11.01.2005 | no virus found |
| DrWeb | 4.33 | 11.01.2005 | no virus found |
| eTrust-Iris | 7.1.194.0 | 10.31.2005 | no virus found |
| eTrust-Vet | 11.9.1.0 | 10.31.2005 | no virus found |
| Fortinet | 2.48.0.0 | 11.01.2005 | W32/Mitglieder.FY!tr |
| F-Prot | 3.16c | 11.01.2005 | security risk named W32/Mitglieder.FY |
| Ikarus | 0.2.59.0 | 11.01.2005 | no virus found |
| Kaspersky | 4.0.2.24 | 11.01.2005 | Email-Worm.Win32.Bagle.ee |
| McAfee | 4616 | 10.31.2005 | no virus found |
| NOD32v2 | 1.1269 | 10.31.2005 | probably unknown NewHeur_PE virus |
| Norman | 5.70.10 | 11.01.2005 | W32/Malware |
| Panda | 8.02.00 | 11.01.2005 | no virus found |
| Sophos | 3.99.0 | 11.01.2005 | Troj/BagleDl-W |
| Symantec | 8.0 | 10.31.2005 | no virus found |
| TheHacker | 5.9.1.026 | 10.31.2005 | no virus found |
| VBA32 | 3.10.4 | 11.01.2005 | suspected of Email-Worm.Bagle.1 |

are no guarantees about the availability and continuity of this service.
Although the detection rate afforded by the use of multiple antivirus engines is
far superior to that offered by just one product, these results DO NOT guarantee
the harmlessness of a file. Currently, there is not any solution that offers a
100% effectiveness rate for detecting viruses and malware.
VirusTotal
—
Revised 03 NOV 2005 – Corrected Website addresses at end of the post. Was not pointing to VirusTotal because of code in the original cut and paste entry.
—