Virus 'double whammy' hits users

Bagle and Netsky make unwelcome returns...
Written by ZDNet Staff, Contributor

Two recent big hitters from the malware world have made an unwelcome return, with variants of the self-propagating Netsky and Bagle worms flooding users' inboxes worldwide.

An absolute glut of Bagle variants - C, D, E, F and G - all broke out over the weekend, while Netsky.D appeared this morning, immediately raising concerns about the extent of damage it could do as its spread appears to echo that of the devastating Sobig virus last year.

Antivirus vendors were very quick to upgrade the Netsky.D worm to their highest threat rating.

Graham Cluley, senior technology consultant for Sophos, said: "We are getting reports from companies that thousands of copies of [Netsky.D] have started clogging up their email systems - in a similar way to the Sobig virus last year."

Both worms are mass mailers and show little that is new in the writers' arsenal. The biggest complication is the most recent variant, Bagle.G, which carries the virus inside an encrypted .Zip file, meaning it is very likely to evade detection: a gateway scanner cannot inspect content it cannot decrypt.

While .exe attachments are easily blocked, .Zip files are far likelier to get through.

Cluley said: "However good an ISP, web email account or antivirus gateway product may be at scanning email, it will be useless at detecting the worm inside the encrypted Zip file."
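The defensive consequence of Cluley's point is that a mail gateway should not try to scan inside an encrypted archive at all; it should recognise that the archive is encrypted and quarantine it, since a password-protected container is itself a verdict. The example below is added here and is not code from the article or from any of the vendors quoted. It uses Python's standard zipfile module to inspect an attachment's central directory: the general-purpose flag bit 0 marks an entry as encrypted, and that bit is visible without the password. The sample archives are constructed inline; the "encrypted" one is produced by setting that flag bit on a stored plaintext entry, which is enough to make a header-based check (and zipfile itself) treat it as password-protected. The executable-suffix list and the verdict strings are this example's own assumptions.

```python
import io
import zipfile

# Assumed gateway policy: archived executables are refused outright.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

# Flag bit 0 of the general-purpose bit flag in every ZIP local header
# and central directory record means "entry is encrypted".
ENCRYPTED_FLAG = 0x0001


def build_zip(entries):
    """Build an unencrypted, stored (uncompressed) ZIP in memory.

    entries: iterable of (filename, bytes). Constructed test data only.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


def mark_entries_encrypted(blob):
    """Set the 'encrypted' flag bit in every local header (offset 6) and
    central directory record (offset 8) of a ZIP built by build_zip().

    The payload is left as plaintext; only the container advertises
    encryption. That is all a header-based gateway check can see, and it
    is also what makes zipfile demand a password. Constructed for testing.
    """
    out = bytearray(blob)
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = out.find(signature)
        while pos != -1:
            out[pos + flag_offset] |= ENCRYPTED_FLAG
            pos = out.find(signature, pos + len(signature))
    return bytes(out)


def inspect_attachment(blob):
    """Read only the central directory; never extracts any entry."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [
            {
                "name": info.filename,
                "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
                "executable": info.filename.lower().endswith(EXECUTABLE_SUFFIXES),
            }
            for info in zf.infolist()
        ]


def content_is_scannable(blob, name):
    """True if the gateway can actually read the entry's bytes, i.e. the
    content could be handed to an AV engine. An encrypted entry raises
    RuntimeError (password required), so it is not scannable."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            zf.read(name)
        return True
    except (RuntimeError, zipfile.BadZipFile):
        return False


def gateway_verdict(blob):
    """Decide what to do with a .zip attachment before any AV scan runs."""
    try:
        findings = inspect_attachment(blob)
    except zipfile.BadZipFile:
        return "quarantine: malformed archive"
    if any(f["encrypted"] for f in findings):
        # The scanner cannot see inside; treat the container as the verdict.
        return "quarantine: encrypted entries cannot be scanned"
    if any(f["executable"] for f in findings):
        return "quarantine: executable inside archive"
    return "deliver"


# Constructed sample attachments (no real malware; the "executable" is text).
PLAIN_DOC = build_zip([("report.txt", b"quarterly figures attached\n")])
EXE_INSIDE = build_zip([("photo.jpg.exe", b"not really a program\n")])
ENCRYPTED = mark_entries_encrypted(build_zip([("details.exe", b"hidden from the gateway\n")]))

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_DOC), ("exe", EXE_INSIDE), ("encrypted", ENCRYPTED)):
        print(f"{label:10s} -> {gateway_verdict(blob)}")
```

Note that the check only walks the central directory and never extracts anything, so it is cheap to run on every inbound attachment; the real engine still has to scan whatever does get delivered, since an unencrypted archive can contain anything.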

But perhaps the most interesting aspect of the outbreaks is the sheer number of Bagle variants.

David Emm, marketing manager at McAfee Avert, said: "It's not unusual to see lots of variants, but I can't remember when we have seen so many in such a short amount of time."

One theory, put forward by Mikko Hypponen, head of antivirus response at Finnish F-Secure, is that the barrage of evolving variants - each one slightly different from the previous iteration - is an attempt to stay one step ahead of the antivirus industry, keeping vendors on their toes and increasing the likelihood that one variant is afforded a sizeable window of opportunity to do some serious damage.

Munir Kotadia writes for ZDNet UK