By :Clement James


Mar 12, 2007 10:11 AM




Veteran malware Bagle continues to defeat most antivirus solutions almost three years on by using a cleverly devised distribution method, security experts warned this week.

The email worm has begun to use key offensive strategies to maximise propagation and slip under the radar of traditional antivirus defences, according to a report from security firm Commtouch.

Bagle, also known as Beagle, is one of the longest running examples of email-borne malware.

The worm has seen continued success from its high distribution intensity, releasing thousands of infected email messages a day to ensure a wide distribution of the malware across the internet.

Bagle also has a vast number of variants. Over 30,000 distinct variants were detected during the report period. 

As each variant, or group of variants, requires a different signature, it is virtually impossible for antivirus engines to keep up with this rapid-fire pace.

Moreover, each variant is distributed in very small quantities or instances. Since an antivirus vendor must be aware of a malware sample in order to analyse it, distribution in low numbers often enables Bagle to "fly below the radar" of traditional antivirus engines.

"The recent burst of 30,000 new distinct variants shows that Bagle has adopted the server-side polymorphic form and is sending intense waves of variants," said Haggai Carmon, vice president of products at Commtouch.

"Most email malware, including Bagle, has adopted this technique to penetrate traditional antivirus solutions by exploiting their signature time lag."

Source from:Copyright © 2008 vnunet.com