Network Computing is part of the Informa Tech Division of Informa PLC
Updates Protect Against New Bagle Worms' Encrypted Tactics
Several anti-virus firms debuted updates that sniff out worms embedded in password-protected Zip files, a technique used by a number of this week's Bagle worms to sneak through corporate gateways.
Four of the Bagle variants released this week -- including Bagle.h, Bagle.i, Bagle.j, and Bagle.k -- can deliver their payloads within encrypted Zip archives. Passwords to the files are included in the message text of the malicious e-mail, tempting users to use the password to open the file.
The encrypted files are almost impossible to stop at the gateway with earlier anti-virus software, since the programs can't open the archive to detect possible worms or viruses. (Most anti-virus software does detect viruses as soon as a Zip file is opened, but it's preferable to stop such threats at the enterprise edge.)
Now, however, updates by several anti-virus firms, including Sophos and Kaspersky Labs, as well as network security provider Network Box, can seek out and stop encrypted archive attachments.
All work using the same technique: they first detect encrypted Zip files, then scan the accompanying e-mail text for a password, which is used to unpack the file. Finally, the archive's contents are checked for known viruses and worms.
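The three steps described above, sketched in Python as an added example (this is not code from any of the vendors named). `scan_bytes` is a hypothetical callback standing in for the anti-virus engine, the verdict strings are assumptions, and Python's `zipfile` only decrypts the traditional Zip password scheme.

```python
import email, io, re, zipfile, zlib
from email import policy

def candidate_passwords(body):
    """Tokens from the message text; words after 'password' are tried first."""
    hinted = re.findall(r"(?i)\bpass(?:word)?\b(?:\s+is)?\W{0,6}(\w{3,32})", body)
    return list(dict.fromkeys(hinted + re.findall(r"\w{3,32}", body)))

def encrypted_members(zip_bytes):
    """Member names whose general-purpose flag bit 0 (encrypted) is set."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]

def unpack_with_body(zip_bytes, body):
    """Try each candidate; return (password, {name: bytes}) or (None, {})."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for pwd in candidate_passwords(body):
            try:
                return pwd, {n: zf.read(n, pwd=pwd.encode()) for n in zf.namelist()}
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                continue  # wrong password: check byte, CRC or inflate failed
    return None, {}

def scan_message(raw, scan_bytes):
    """Gateway verdict for one RFC 822 message (bytes).
    scan_bytes is a hypothetical AV-engine callback: bytes -> bool (True = malware)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    for att in msg.iter_attachments():
        data = att.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)) or not encrypted_members(data):
            continue  # step 1 failed: not an encrypted Zip, normal scan path applies
        pwd, files = unpack_with_body(data, body)  # step 2: password from the text
        if pwd is None:
            # Assumed policy: an archive the gateway cannot open is held, not delivered.
            return "quarantine: encrypted zip, no password found in text"
        if any(scan_bytes(content) for content in files.values()):  # step 3
            return "block: malware inside encrypted zip"
    return "pass"
```

Treating every token of the body as a candidate keeps the check working when the sender avoids the word "password"; a wrong guess is rejected by the archive's own check byte and CRC.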