THE VIRUS PASSWORD IS IN THE IMAGE
Pictures get a serious meaning for e-mail users

Bucharest, Romania - March 13, 2004 - BitDefender developers today warn against a new version of the Bagle virus, Bagle.M. Like the prior two versions, it uses an encrypted ZIP archive, but it also introduces the RAR archive. The main difference from the preceding versions is that the archive password is hidden in a GIF, BMP or JPG image. (See the BitDefender press release about Bagle.H.)

"The author seems to have noticed some antivirus producers' strategy to read the password from the e-mail body text. BitDefender was the first to detect this version as it scans not only the e-mail body, but it also tries to find the password of the ZIP files using heuristic methods," says Mircea Ciubotariu, Virus Researcher at BitDefender. "I believe the use of images in social-engineering tricks could become a trend in virus writing," Mircea concluded.

The virus is still spreading through e-mail, using a very clever social-engineering mechanism. It's a mass-mailer, file-infector, polymorphic worm that is already spreading in the wild.

BitDefender producers are already working on a removal tool for already infected computers. The tool, as well as a full description of the virus, will soon be available on the BitDefender websites.

More information about this virus and current antivirus trends is available online at www.bitdefender.com.