Windows users suffer five new Bagle worm variants; Macintosh unaffected

“Five new variants of the Bagle worm were released into the wild over the weekend, with two causing particular problems for enterprise antivirus software scanner technology, say experts,” Munir Kotadia reports for ZDNet UK. “Bagle versions C, D, E, F and G started propagating over the weekend and although the first three are very similar to the original Bagle–being spread through e-mail and infecting PCs of users who open the attachment–Bagle.F and Bagle.G are designed to slip past most enterprise antivirus gateways.”

Kotadia reports, “Mikko Hypponen, head of antivirus response at Finnish security company F-Secure, told ZDNet UK that the latest variant of the Bagle family is sent inside an encrypted Zip file attached to an e-mail that contains the password required to access the file. This means that enterprises are unlikely to detect the virus at the perimeter because .zip files are not usually blocked and the encryption means that antivirus scanners will not be able to unzip the file: ‘This way they get through many gateway scanners that will not be able to unzip the file to scan it.'”

Full article here.

Related MacDailyNews article:
Washington Post: Internet punishing for Windows users, Mac users surf with impunity – February 28, 2004


  1. this one IS a mess! I’m getting a bunch of crap e-mail from made up addresses….. Ugh! When is the world ever going to learn?

    I’m looking forward to the day when the entire internet is either taken over by worms, and viruses, making it completely useless, or when MS is no longer a major player in the field, making the net a LOT more safe.

  2. Looks like it may have been a bad time for Apple to choose .zip as it’s compression format of choice in Panther. If this type of thing continues (and it certainly appears that it will) IT Departments are going to start stripping .zips from e-mails by default and render the format as basically useless for e-mail.

  3. True, but Apple can’t use SIT format without paying Aladdin. However, Apple can always fall back on its Unix heritage: Unix compress or gzip. I don’t think it’ll be hard to do so.

  4. True, but Apple can’t use SIT format without paying Aladdin.

    What do you mean, Nobody? Anybody that has Stuffit Deluxe can stuff files, and anybody that has Stuffit Expander, a free download from Aladdin, can unstuff them. How does this involve Apple?

  5. I’m amazed that nobody’s taken up the fact that unzipping a file should not lead to the contents of said file being automatically executed! This is a huge security problem and a mistake that was made before! Why the hell can’t I hear this being called a security hole?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.