
ESET'S NOD32 PROACTIVELY DETECTS NEW VARIANTS OF THE BAGLE WORM

November 01, 2005
Contact:
Rick Moy, ESET, (619) 578-1871, moy@eset.com
Jessica Kositz or Sarah Thornton, Schwartz Communications, Inc., (415) 512-0770, eset@schwartz-pr.com


Company warns non-customers of massive email spam of Win32/Bagle.DC and Win32/Bagle.DD worms

SAN DIEGO, Calif., – (November 1, 2005) – ESET, a global security software company providing next-generation malware protection, today warned customers of an email seeding of the Win32/Bagle.DC and Win32/Bagle.DD worms. The newest variants of the Bagle family of worms were detected this morning and are designed to avoid signature-based detection, leaving many antivirus companies scrambling to respond by producing signature updates. ESET’s ThreatSense™ Advanced Heuristics technology immediately stopped the new variants, without updates, once again underlining the need for proactive protection.

So far, ESET has identified more than 13,700 emails carrying Win32/Bagle.DC and 2,400 emails carrying Win32/Bagle.DD, and the number is growing quickly. ESET's Virus Radar reported a spike of activity, with upwards of 2,000 emails an hour being seeded, most likely through botnets. The variants, part of the Bagle family, are spammed out in messages that have an empty subject line and a body consisting of a single word such as "info" or "texte", with a zipped dropper attached. Attachment names seen so far include "Info_prices.zip", "max.zip", "sms_text.zip", "Business_dealing.zip" and "Business.zip". Once the attachment is opened, Win32/Bagle.DC copies itself to \winnt\system32\hloader_exe.exe, drops the file \winnt\system32\hleader_dll.dll, and then attempts to download a file from several URLs. At present none of the identified URLs are working.
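The spam and host traits described above, turned into a simple triage rule, as an added example that is not ESET's code or part of the original release; the mail records and host paths below are constructed, and the attachment and body lists are the ones quoted in the text, not a complete indicator set.

```python
from dataclasses import dataclass, field

# Indicators quoted in the press release text above.
BODY_WORDS = {"info", "texte"}
ATTACHMENT_NAMES = {"Info_prices.zip", "max.zip", "sms_text.zip",
                    "Business_dealing.zip", "Business.zip"}
DROPPED_FILES = {r"\winnt\system32\hloader_exe.exe",
                 r"\winnt\system32\hleader_dll.dll"}


@dataclass
class Mail:
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def triage(mail):
    """List the Bagle.DC/DD seeding traits a message exhibits."""
    hits = []
    if not mail.subject.strip():
        hits.append("empty subject")
    words = mail.body.split()
    if len(words) == 1:
        hits.append(f"one-word body '{words[0]}'")
        if words[0].lower() in BODY_WORDS:
            hits.append(f"known body word '{words[0].lower()}'")
    for name in mail.attachments:
        if name in ATTACHMENT_NAMES:
            hits.append(f"known dropper name {name}")
        elif name.lower().endswith(".zip"):
            hits.append(f"zip attachment {name}")
    return hits


def is_suspect(mail):
    """Flag only the full pattern: empty subject, one-word body and a zip attachment."""
    hits = triage(mail)
    return ("empty subject" in hits
            and any(h.startswith("one-word body") for h in hits)
            and any(h.startswith(("known dropper", "zip attachment")) for h in hits))


def dropped_artifacts(paths):
    """Return the Bagle.DC file artifacts present in a host's file listing (case-insensitive)."""
    lowered = [p.lower() for p in paths]
    return sorted(a for a in DROPPED_FILES if any(p.endswith(a.lower()) for p in lowered))


# Constructed sample messages (not real captures) exercising the rule.
SAMPLE_MAILS = [
    Mail("", "info", ["Info_prices.zip"]),             # matches the seeding pattern
    Mail("", "texte", ["report.zip"]),                 # unlisted name, still a zip dropper
    Mail("Q3 numbers", "see attached", ["q3.xlsx"]),   # ordinary mail, not flagged
]
```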

“Because of the speed at which new variants are proliferated through botnets, even the most rapid response from a reactive signature update is insufficient,” said Andrew Lee, CTO of ESET. “With NOD32, ESET customers were proactively protected from these new Bagle variants in real-time due to our powerful, ThreatSense heuristics.”

ESET is providing a free remover for the Bagle variants, which can be downloaded at www.eset.com.

ESET’s Virus Radar (www.virusradar.com), a real-time malware tracking tool, immediately identified these malicious Bagle variants using ThreatSense. Over the course of a few hours, as many as 1,000 samples of the worm were detected. Virus Radar provides site visitors with easy access to in-depth analysis of the latest malicious outbreaks and processes approximately five million email messages per day to provide information such as the exact date a virus was first detected and its current detection rate. Virus Radar is also capable of tracking the progression of a single virus over a given period, in some instances from the earliest heuristic detection of a new virus to the point where the virus disappears.

About ESET
Founded in 1992, ESET is a global provider of security software solutions for enterprises and consumers. ESET’s award-winning anti-threat software system, NOD32, provides real-time protection from known and unknown viruses, spyware and other malware. NOD32 offers the smallest, fastest and most advanced protection available, with more Virus Bulletin 100% Awards than any other antivirus product (www.virusbulletin.com). ESET was named to Deloitte’s Technology Fast 500 three years running, and has an extensive partner network, including corporations like Canon, Dell and Microsoft. ESET has offices in San Diego, USA; Bratislava, SK; London, UK; and Prague, CZ, and is represented worldwide in more than 80 countries. For more information, visit www.eset.com or call 619-319-3000.