Advertisement
Promo

Security threats Toolkit

Antivirus software decrypts Bagle attachments

Munir Kotadia ZDNet.co.uk

Published: 04 Mar 2004 17:50 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Security firms have started updating their products with more sophisticated techniques aimed at getting inside the encrypted attachments in which the Bagle worm has spread.

Recent versions of the Bagle worm have bypassed corporate gateway security because they are distributed in password-protected Zip files, which are next to impossible for antivirus programs to scan. Emails infected with the Bagle worm, however, contain the password required for opening the Zip file.

On Wednesday, antivirus vendors BitDefender and Kaspersky Labs both launched updates enabling their software to open any encrypted attachments using the password contained in the email text. Once the file is decrypted, it is treated as an executable file and scanned normally.

Eugene Kaspersky, head of antivirus research at Kaspersky Labs, said: "This new technology protects users from a new generation of worms, specifically worms that hide in password-protected Zip files. Five worms using this technique appeared within only four days -- a new trend has been set in the computer underground," he said.

Viorel Canja, head of BitDefender Labs, said in a statement: "We have developed an engine tasked with finding the Zip password in the email text. Most AV products could only offer protection after the archive is extracted; that could be a little too late for inexperienced users," he said.

Network Box, a security appliance vendor that licenses Kaspersky's antivirus software, has updated its gateway product to include complete protection against Bagle, which the company said is a first.

Simon Heron, director of Network Box, told ZDNet UK the product combines Kaspersky's software with Network Box's own technology to deal with the latest Bagle mutations at the network perimeter.

According to Heron, this does mean the gateway is fractionally slower, but by no more than 50ms (milliseconds) per email: "The worst case scenario is we will take 50ms extra to parse an email that has a password-encrypted attachment. We don't think this is a problem," he said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
63 out of 134 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:












Related Jobs

Open TV, SDK, HPK, Set Top Box, West Yorkshire

SC Security Cleared penetration testers Contract Reading

Senior Network Analyst / Security Analyst

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

4 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters