NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0080 BAGLE worm tactics swamp signature-based defenses:
Security firm Commtouch recently released a "Malware Outbreak Trend Report" on the BAGLE worm, which noted that the malware continues to defeat most anti-virus solutions because of a cleverly devised distribution method that maximizes propagation while slipping under the radar of traditional anti-virus engines. Commtouch points to multiple reasons why the BAGLE worm attacks have continued to be successful after three years, including a high distribution intensity. Analysis of recent BAGLE activity has shown that the attacks are conducted repeatedly, in intense, high-volume waves that release THOUSANDS of infected email messages per day to ensure a wide distribution across the internet. Despite the high volume of the attacks, the distribution volume of each individual variant is kept low, while the overall number of variants is very high.
Between 09JAN07 and 06MAR07, at least 30,000 new and distinct variants of the malware were observed. In the first two months of 2007, the average number of new and distinct variants was 625 per day, but reached as high as 1,000 on peak days. By distributing numerous malware variants in low volume, the attackers effectively evade detection by many anti-virus engines, and in many cases a variant never reaches the stage of being analyzed by anti-virus vendors, so no signature is ever created for it.
The Commtouch report concludes that recent BAGLE worm activity exemplifies how server-side polymorphic malware distribution techniques (yeah, you do, and you'll clean it up...), which push out a massive number of variants at low volume each, can be highly effective in circumventing traditional anti-virus solutions.
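The evasion described above comes down to arithmetic: an exact-hash signature only exists once a sample has been collected and analyzed, and a variant mailed in a handful of copies never gets that far. The simulation below, an added example that is not from the Commtouch report or the advisory, makes the point measurable. It models an outbreak day as a stream of constructed byte strings (a fixed placeholder "core" wrapped in per-variant junk, standing in for the real worm body, which is not reproduced here), a hash-signature engine that only releases a signature after a variant has been seen `analysis_threshold` times, and a generic content rule keyed on the invariant core. The figures 625 variants per day and the threshold value are assumptions for the simulation; the real analysis pipeline is not modeled.

```python
import hashlib
import random

# Constructed data: CORE stands in for the part of the worm that does not change
# between variants. It is a placeholder string, not real malware content.
CORE = b"CONSTRUCTED-INVARIANT-CORE-placeholder-not-real-malware"


def make_outbreak(num_variants, copies_per_variant, seed=7):
    """Simulate one day's mail stream: many variants, few copies of each.

    Each variant wraps CORE in different junk bytes, so every variant has a
    distinct file hash even though the functional body is identical.
    """
    rng = random.Random(seed)
    stream = []
    for _ in range(num_variants):
        junk_before = bytes(rng.getrandbits(8) for _ in range(rng.randint(4, 32)))
        junk_after = bytes(rng.getrandbits(8) for _ in range(rng.randint(4, 32)))
        stream.extend([junk_before + CORE + junk_after] * copies_per_variant)
    rng.shuffle(stream)
    return stream


def sha256(data):
    return hashlib.sha256(data).hexdigest()


class HashSignatureEngine:
    """Exact-hash signature matching.

    A hash is added to the signature set only after the same sample has been
    observed `analysis_threshold` times, modeling the delay between a sample
    being collected, analyzed by a vendor, and a signature being released.
    The copy that triggers analysis is itself missed.
    """

    def __init__(self, analysis_threshold):
        self.threshold = analysis_threshold
        self.seen = {}
        self.signatures = set()

    def scan(self, sample):
        h = sha256(sample)
        self.seen[h] = self.seen.get(h, 0) + 1
        if h in self.signatures:
            return True
        if self.seen[h] >= self.threshold:
            self.signatures.add(h)  # signature released; later copies are caught
        return False


def generic_core_detect(sample, core=CORE):
    """Content rule keyed on the invariant core rather than on the file hash."""
    return core in sample


def evaluate(stream, detector):
    """Fraction of samples in the stream flagged by `detector`."""
    caught = sum(1 for sample in stream if detector(sample))
    return caught / len(stream)


if __name__ == "__main__":
    # Assumed outbreak shape: 625 variants per day (the report's average), 3 copies each.
    low_volume = make_outbreak(625, 3)
    # Same number of messages, but a single variant, as an old-style mass mailer.
    single_variant = make_outbreak(1, 1875)

    print("hash signatures, 625 variants x 3 copies:",
          evaluate(low_volume, HashSignatureEngine(2).scan))
    print("hash signatures, 1 variant x 1875 copies:",
          evaluate(single_variant, HashSignatureEngine(2).scan))
    print("generic core rule, 625 variants x 3 copies:",
          evaluate(low_volume, generic_core_detect))
```

With an analysis threshold of two copies, the hash engine catches one third of the low-volume stream (only the third copy of each variant) but over 99.8% of the single-variant stream of the same size; the core-based rule catches everything in both. The design lesson is the one the report draws: the defense has to key on what the attacker cannot cheaply vary, not on the per-file hash.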
(commtouch.com and BusinessWire - both 06MAR07)
Last Modified: Wednesday, 14-Mar-2007 11:05:07 EST