AV-VX Arms Race Toughens

March 2004


Computer virus, invisible to most AV products

A new virus from a successful family employs techniques never seen before. Win32.Bagle.H is the first virus in the wild ever to send itself compressed in a password-protected zip archive. This makes it impossible for antivirus software to uncompress the archive and check it for viruses.

Sophisticated social engineering techniques are used to persuade the recipient to open the attachment. The user must first click the attachment and then enter the password, which is randomly generated and stored in the body of the e-mail.

"To counter this new strategy, BitDefender Labs have developed an engine tasked with finding the zip password in the email text", says Viorel Canja, Head of BitDefender Labs. "To our knowledge, BitDefender clients are the only ones to enjoy this kind of protection. Most AV products could only offer protection after the archive is extracted; that could be a little too late for inexperienced users", Viorel concluded.
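The approach described in the quote above, recovering the archive password from the message text so the contents can be scanned before the user extracts them, can be sketched as follows. This is an added example, not BitDefender's engine: the function names, the token heuristic and the sample message are assumptions made for illustration.

```python
import io
import zipfile
import zlib

# Constructed sample mail text (not taken from a real Bagle.H message).
SAMPLE_BODY = "Please see the attached document.\nArchive password: 48213\n"

ENCRYPTED = 0x1  # general-purpose flag bit 0 of a ZIP entry: data is encrypted


def candidate_passwords(body):
    """Unique tokens from the mail text in order of appearance, with tokens
    that follow a word starting with "pass" moved to the front (assumed
    heuristic)."""
    words = [w.strip(".,:;!?\"'()") for w in body.split()]
    hinted = [w for prev, w in zip(words, words[1:])
              if prev.lower().startswith("pass")]
    ordered = []
    for tok in hinted + words:
        if tok and tok not in ordered:
            ordered.append(tok)
    return ordered


def unlock_with_body(zip_bytes, body):
    """Try each token of the mail text as the archive password.

    Returns (password, {member_name: plaintext}) so the decrypted members can
    be passed to the normal scanner, or None if no token opens the archive.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        locked = [i for i in zf.infolist() if i.flag_bits & ENCRYPTED]
        if not locked:
            return None  # nothing encrypted: the ordinary archive scan applies
        for pwd in candidate_passwords(body):
            try:
                files = {i.filename: zf.read(i, pwd=pwd.encode("utf-8"))
                         for i in locked}
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                continue  # wrong password: check byte, CRC or inflate failed
            return pwd, files
    return None
```

Python's `zipfile` module decrypts only the legacy ZIP encryption scheme; a gateway that returns `None` for an encrypted attachment should treat the attachment as unscannable rather than clean.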

The worm also threatens file sharing networks, by copying itself under various attractive names into all directories whose names contain the string "shar".

After infecting a system, the virus mails itself to all the addresses it can find and opens a backdoor on port 2745. It is set to expire on the 25th of March 2005.

NEWS UPDATE: Virus variants Bagle.J through K have been detected in the wild. They present the same level of risk.
