Bagle worm attacks leave AV defences struggling

Anti-virus software companies are reporting a "wave" of Trojan spam e-mail attacks being spread by up to 15 variants of the Bagle...

Anti-virus software companies are reporting a "wave" of Trojan spam e-mail attacks being spread by up to 15 variants...

of the Bagle worm.

The high number of variants to the worm is making it difficult for anti-virus companies to update their security signatures to protect users from infection. 

As a result anti-virus companies are warning customers not to rely only on their desktop and server security software, and to be extra careful about what e-mails they open, to avoid infection.

Some of the Trojans, being spread by a world network of "zombie" computers, are being used to install malicious remote monitoring software on users' machines, enabling criminals to monitor PC usage and steal personal details to commit fraud.

Zombies are user PCs that have been taken over remotely by criminals to spread malware without the users' knowing their machines have been infected.

Ken Dunham, director of malicious code at internet security firm, said, "The attack is ongoing and many of the minor variants are not detected by various security products.  

"These codes do require user interaction, but user-interaction worms have proven themselves to be highly effective in the wild over the past 13 months."

User interaction means users have to physically open an attachment, in this case often a Zip file, to infect their machine. 

Dunham said, "Hackers have been testing their code prior to the attack to ensure that certain anti-virus products do not detect the new minor variants.  

"Hackers have become increasingly sophisticated and organised in what they are doing in an attempt to steal sensitive information or gain control over many computers."



Enjoy the benefits of CW+ membership, learn more and join.

Read more



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: