Bagle gets around zip filters?

Variants of the Bagle Windows worm continue to appear thick and fast, and one of the most recent versions already has workaround for an anti-virus countermeasure introduced by some vendors just one week earlier.

Recent Bagle variants tried to get around virus scanners by putting the executable into a password-protected Zip archive, with the password included in the e-mail’s body text. The idea was that the virus scanner could not open the file, but the would-be victim could.

Some antivirus firms responded with features can detect when an incoming attachment is Zip-compressed and password-protected, then scan the body text for something that contextually looks like a password.

Now Bagle.N, found Saturday, includes the password as text on a GIF image pasted into the body text, according to F-Secure Corp, meaning the earlier password-finding countermeasures will not work

Bagle has been the most mutable, if not the most prolific, worm of 2004. The original appeared on January 18, and yesterday the sixteenth variant, Bagle.P, was found. Bagle is designed to turn innocent PCs into zombie proxies, presumably for nefarious purposes.

This article is based on material originally published by ComputerWire

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing