 
 

 

Spam Daily News
 

Signature-based antivirus can't detect the new Bagle

September 23, 2005

 
The first variants were detected on Monday, and their number has increased dramatically over the past week. ESET's Threat Labs determined that the variants are being modified to avoid detection by signature-based antivirus programs, once again underlining the need for proactive protection.


 

 

 

 

The new Bagle variants are being spammed out in large quantities through a distributed network of compromised machines. Some of the variants are older versions of the Bagle virus, repacked to avoid detection.

The new Bagles are Trojan downloaders, which retrieve and install malicious files from a pre-programmed Web site location and create a backdoor on a machine. This distribution mechanism causes variants to spread outside of the spam channels and leaves unprotected users or systems with outdated virus signatures vulnerable to attack.

ESET's Threat Labs have detected that new variants are being released, on average, every two hours. Different waves of the variants are issued with unique changes designed to avoid signature-based detections, leaving many antivirus companies scrambling to respond to the constant barrage of emerging threats. Some of the worms were designed to get around even advanced heuristics systems.

"ESET's Virus Radar system was detecting over 10,000 messages per hour carrying new, heuristically-detected Bagle variants on Tuesday and Wednesday," said Andrew Lee, chief technology officer of ESET. "At this rapid reproduction and distribution rate, there is no way that traditional, signature-based antivirus software can protect users from the Bagle variants."

ESET's Virus Radar (www.virusradar.com), a real-time malware tracking tool, identified the new Bagle variants using NOD32. Virus Radar provides site visitors with access to in-depth analysis of the latest malicious outbreaks and processes approximately four million email messages per day to provide information such as the exact date a virus was first detected and its current detection rate. Virus Radar is also capable of tracking the progression of a single virus over a given period -- in some instances from the earliest heuristic detection of a new virus to the point where the virus disappears.

Although one or two variants were not detected immediately, ESET updated both the signatures and their ThreatSense heuristics, ensuring that all further variants were caught proactively.

ESET is providing a free remover for the most prevalent variants of the Bagle worms, which can be downloaded at www.eset.com.

 
 

 
   

 


 

 
Copyright © 2005-2006 Interlink Enterprise Computing. All rights reserved.
All company logos & trademarks displayed on this site belong to their respective owners