ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Antivirus software decrypts Bagle attachments

Munir Kotadia ZDNet.co.uk

Published: 04 Mar 2004 17:50 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Security firms have started updating their products with more sophisticated techniques aimed at getting inside the encrypted attachments in which the Bagle worm has spread.

Recent versions of the Bagle worm have bypassed corporate gateway security because they are distributed in password-protected Zip files, which are next to impossible for antivirus programs to scan. Emails infected with the Bagle worm, however, contain the password required for opening the Zip file.

On Wednesday, antivirus vendors BitDefender and Kaspersky Labs both launched updates enabling their software to open any encrypted attachments using the password contained in the email text. Once the file is decrypted, it is treated as an executable file and scanned normally.

Eugene Kaspersky, head of antivirus research at Kaspersky Labs, said: "This new technology protects users from a new generation of worms, specifically worms that hide in password-protected Zip files. Five worms using this technique appeared within only four days -- a new trend has been set in the computer underground," he said.

Viorel Canja, head of BitDefender Labs, said in a statement: "We have developed an engine tasked with finding the Zip password in the email text. Most AV products could only offer protection after the archive is extracted; that could be a little too late for inexperienced users," he said.

Network Box, a security appliance vendor that licenses Kaspersky's antivirus software, has updated its gateway product to include complete protection against Bagle, which the company said is a first.

Simon Heron, director of Network Box, told ZDNet UK the product combines Kaspersky's software with Network Box's own technology to deal with the latest Bagle mutations at the network perimeter.

According to Heron, this does mean the gateway is fractionally slower, but by no more than 50ms (milliseconds) per email: "The worst case scenario is we will take 50ms extra to parse an email that has a password-encrypted attachment. We don't think this is a problem," he said.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
63 out of 134 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:












Sentry Posts Blog

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

1 comment

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Post a comment

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

1 comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers