“Five new variants of the Bagle worm were released into the wild over the weekend, with two causing particular problems for enterprise antivirus software scanner technology, say experts,” Munir Kotadia reports for ZDNet UK. “Bagle versions C, D, E, F and G started propagating over the weekend and although the first three are very similar to the original Bagle–being spread through e-mail and infecting PCs of users who open the attachment–Bagle.F and Bagle.G are designed to slip past most enterprise antivirus gateways.”
Kotadia reports, “Mikko Hypponen, head of antivirus response at Finnish security company F-Secure, told ZDNet UK that the latest variant of the Bagle family is sent inside an encrypted Zip file attached to an e-mail that contains the password required to access the file. This means that enterprises are unlikely to detect the virus at the perimeter because .zip files are not usually blocked and the encryption means that antivirus scanners will not be able to unzip the file: ‘This way they get through many gateway scanners that will not be able to unzip the file to scan it.'”
Full article here.
Related MacDailyNews article:
Washington Post: Internet punishing for Windows users, Mac users surf with impunity – February 28, 2004
All the good stuff is always windows first
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
this one IS a mess! I’m getting a bunch of crap e-mail from made up addresses….. Ugh! When is the world ever going to learn?
I’m looking forward to the day when the entire internet is either taken over by worms, and viruses, making it completely useless, or when MS is no longer a major player in the field, making the net a LOT more safe.
This one is a joke: MS launched a website called [url=http://www.tietoturvaopas.fi]http://www.tietoturvaopas.fi[/url] (=internet security advisory). Today that page was hacked and has been offline for most of today… they were running Windows server software, that much is obvious…
Hackers have a sense of humour!
Sending a zipped file in an HTML message that contains the required info to unzip and execute the file?
Sweeeeeeeeeet!
That completely eliminates the use of automated software to identify the contents.
Unless there is a backdoor to the encryption sceme.
Looks like it may have been a bad time for Apple to choose .zip as it’s compression format of choice in Panther. If this type of thing continues (and it certainly appears that it will) IT Departments are going to start stripping .zips from e-mails by default and render the format as basically useless for e-mail.
True, but Apple can’t use SIT format without paying Aladdin. However, Apple can always fall back on its Unix heritage: Unix compress or gzip. I don’t think it’ll be hard to do so.
True, but Apple can’t use SIT format without paying Aladdin.
What do you mean, Nobody? Anybody that has Stuffit Deluxe can stuff files, and anybody that has Stuffit Expander, a free download from Aladdin, can unstuff them. How does this involve Apple?
If a person was infected with this many worms, they would be dead…
Apple should then choose gzip as its default compression method
gzip only compresses single files so it needs to be combined with something like tar to have the same “archiving” functionality as zip.
I’m amazed that nobody’s taken up the fact that unzipping a file should not lead to the contents of said file being automatically executed! This is a huge security problem and a mistake that was made before! Why the hell can’t I hear this being called a security hole?