New Worm Shuts Down Antivirus Shields

New Worm Shuts Down Antivirus Shields

NU Online News Service, March 2, 12:14 p.m., EST?Agents and home offices using virus protection may have their defenses penetrated by a new "worm" recently detected by Moscow, Russia-based Kaspersky Lab.[@@]

Kaspersky, a security content management company, said it has detected a number of variants of Email-Worm.Win32.Bagle. A worm is a destructive program that can reproduce itself and make a computer slow down significantly or stop.

The worm is launched when the user clicks on the attachment, said Kaspersky. Bagle copies itself into the Windows system folder, then stops processes that protect individual computers and local networks, leaving them open to further attack.

According to Kaspersky, these new Bagles are variants of previously known malware, but with an important difference. "One thing they all have in common is that they don't self-replicate. In other words, these are so-called intended variants, not fully functional versions" the security firm said. Kaspersky added that it has seen large numbers of these variants being mass-mailed as spam.

"The new Bagles were sent as attachment to infected e-mails with random or missing subjects and texts," Kaspersky noted. "The malware arrives as a Windows executable file. The name, form and size of the files are also random. It is difficult therefore to identify the infected e-mails using formal attributes, and we caution all users to be especially cautious when opening email attachments.

"Kaspersky Lab virus analysts have detected 15 pieces of malware by the author of Bagle. They are closely related and differ mostly in the packing routines," the company said. Detailed information and a description are available on www.viruslist.com.