“Five new variants of the Bagle worm were released into the wild over the weekend, with two causing particular problems for enterprise antivirus software scanner technology, say experts,” Munir Kotadia reports for ZDNet UK. “Bagle versions C, D, E, F and G started propagating over the weekend and although the first three are very similar to the original Bagle–being spread through e-mail and infecting PCs of users who open the attachment–Bagle.F and Bagle.G are designed to slip past most enterprise antivirus gateways.”
Kotadia reports, “Mikko Hypponen, head of antivirus response at Finnish security company F-Secure, told ZDNet UK that the latest variant of the Bagle family is sent inside an encrypted Zip file attached to an e-mail that contains the password required to access the file. This means that enterprises are unlikely to detect the virus at the perimeter because .zip files are not usually blocked and the encryption means that antivirus scanners will not be able to unzip the file: ‘This way they get through many gateway scanners that will not be able to unzip the file to scan it.'”
Full article here.
Related MacDailyNews article:
Washington Post: Internet punishing for Windows users, Mac users surf with impunity – February 28, 2004