Bagle latches on to antispam ploy

Discussion in 'malware problems & news' started by Marianna, Mar 15, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Last modified: March 15, 2004, 9:12 AM PST
    By Munir Kotadia
    Special to CNET News.com

    Three new Bagle variants discovered over the weekend differ from previous incarnations by using an antispam trick to try to avoid detection by antivirus software--but experts believe the attempt won't succeed.

    The Bagle worm installs a back door on infected systems and could allow a machine to be used as an e-mail gateway for sending spam. Since the beginning of March, Bagle has arrived under the guise of an encrypted Zip file with a password included in the e-mail text. Within days, antivirus companies updated their products to look for the password and decrypt the Zip file.

    But now the Bagle author has released three new versions (N, O and P) of the worm that produce the password in the form of a graphic or picture file, so a simple text scan of the infected e-mail will not find the password. This trick is commonly used by Web sites to hide e-mail addresses from Web bots that trawl the Internet looking for potential spam targets.

    Read more:
    http://news.com.com/2100-7355_3-5173129.html?part=rss&tag=feed&subj=news
     
Thread Status:
Not open for further replies.