We have received samples and infection reports from several sources. It looks like there are so far two different binaries involved:
9928a1e6601cf00d0b7826d13fb556f0 wgareg.exe 2bf2a4f0bdac42f4d6f8a062a7206797 wgavm.exe The former, wgareg.exe, apparently shows up simply as ".exe" (blank-dot-exe) on infected systems and only later gets renamed or copied to wgareg.exe. AV protection is slowly coming online, here's a few of the names chosen: Symantec - W32.Wargbot - not yet in the current pattern TrendMicro - Worm.IRCBOT.JK and JL - protection available McAfee - IRC.Mocbot - protection as extra.dat available F-Secure - IRCBOT-ST - protection available We'll update this post as more information becomes available. |
Daniel 375 Posts ISC Handler Aug 13th 2006 |
Thread locked Subscribe |
Aug 13th 2006 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!