
Bagle and Netsky make unwelcome returns...
Published: 1 March 2004 16:45 GMT
Two recent big hitters from the malware world have made an unwelcome return, with variants of the self-propagating Netsky and Bagle worms flooding users' inboxes worldwide.
An absolute glut of Bagle variants - C, D, E, F and G - all broke out over the weekend, while Netsky.D appeared this morning, immediately raising concerns about the extent of damage it could do as its spread appears to echo that of the devastating Sobig virus last year.
Antivirus vendors were very quick to upgrade the Netsky.D worm to their highest threat rating.
Graham Cluley, senior technology consultant for Sophos, said: "We are getting reports from companies that thousands of copies of [Netsky.D] have started clogging up their email systems - in a similar way to the Sobig virus last year."
Both worms are mass mailers and show few signs of reinventing the wheel in terms of displaying anything new in the writers' arsenal. The biggest complication is with the most recent Bagle.G, which carries the virus inside an encrypted .Zip file, meaning it is very likely it will evade detection.
While .exe files are easily blocked, .Zip files are far likelier to get through.
Cluley said: "However good an ISP, web email account or antivirus gateway product may be at scanning email, it will be useless at detecting the worm inside the encrypted Zip file."
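A gateway that cannot scan inside an encrypted Zip can still see that the archive is encrypted and hold the message on that basis. The sketch below is an added example, not code from the article or from any vendor it quotes; the function names, the quarantine/scan/pass policy and the sample data are assumptions made for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # bit 0 of a ZIP entry's general-purpose flags: entry is encrypted

def encrypted_members(data: bytes) -> list[str]:
    """Names of encrypted entries, read from the archive's central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]

def triage(msg: EmailMessage) -> str:
    """Hypothetical policy: 'quarantine' for a Zip the scanner cannot open,
    'scan' for a readable Zip, 'pass' when no Zip is attached."""
    verdict = "pass"
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Identify Zips by content, not by file name or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            if encrypted_members(payload):
                return "quarantine"
        except zipfile.BadZipFile:
            return "quarantine"  # malformed archive: cannot be inspected either
        verdict = "scan"
    return verdict

def sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: a harmless one-file Zip, optionally with the
    encryption flag set in its headers (the content is not really encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt", b"constructed sample, not malware")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= ENCRYPTED_FLAG                      # local file header flags
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG  # central directory flags
    return bytes(raw)

def sample_message(zip_bytes: bytes) -> EmailMessage:
    """Constructed sample e-mail carrying the given Zip as an attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg
```

The check says nothing about whether the archive is malicious; it only marks attachments that content scanning cannot see into, so legitimate encrypted archives are held as well.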
But perhaps the most interesting aspect of the outbreaks is the sheer number of Bagle variants.
David Emm, marketing manager at McAfee Avert, said: "It's not unusual to see lots of variants, but I can't remember when we have seen so many in such a short amount of time."
One theory, put forward by Mikko Hypponen, head of antivirus response at Finnish F-Secure, is that the barrage of evolving variants - each one slightly different to the previous iteration - is an attempt to stay one step ahead of the antivirus industry, keeping them on their toes and increasing the likelihood of one variant being afforded a sizeable window of opportunity to do some serious damage.
Munir Kotadia writes for ZDNet UK
please update the anti-virus program in order to b...
Jack
Who are these people that open these zip files. I'...
Anonymous
Why does Microsoft offer the feature where email a...
Eddie Bleasdale
Nice comments about the history of the virus (Nets...
Peter Dalheimer
Peter,
It may be an idea to change your antivirus...
Anonymous