Monday, July 5, 2010

Bagle variants coming in spam

The Register is reporting that new Bagle variants are coming in spam. They arrive attached as a Zip file, and in there is an exe file with a random-looking name. If you extract that exe file from the Zip file and then run it, not only are you an idiot, you will install a trojan which will then download more bad things and infect your machine.

This is a very common tactic these days for giving a virus a large starting point to spread from. Authors used to seed a virus to a few computers and let it grow from there, but spamming it out to millions (or even many thousands) of recipients gives it a much larger starting point, so the growth can happen much more quickly.

The ways around this, of course, are to keep an updated anti-virus program, run a good anti-spam system, and not open every attachment that comes to you and arbitrarily run whatever programs happen to be in it. Unless you are expecting an attachment and it is of a type which can't easily do harm (images, PDF, Word/Excel with no macros, etc.), you probably have no reason to look into it further than just tossing it.
Also note that your anti-virus tool should be able to drill down into Zip files for several levels and check the content in there.
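To illustrate what "drilling down into Zip files for several levels" involves, here is an added example (not from the original post or any anti-virus product) of a mail-gateway style check that walks nested Zip attachments and flags executable members. The function names, the nesting limit of 3, the size cap and the extension list are assumptions chosen for the sketch.

```python
import io
import zipfile

MAX_DEPTH = 3                        # assumed nesting limit, not from the post
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap on declared member size
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed list

def find_executables(data, depth=0, prefix=""):
    """Return (path, reason) findings for a Zip attachment, following nested Zips."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable zip")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:  # encrypted: content cannot be checked
                findings.append((path, "encrypted member, cannot inspect"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "member too large to inspect"))
                continue
            body = zf.read(info)
            if body[:2] == b"MZ":  # check content, not just the file name
                findings.append((path, "PE/DOS executable header"))
            elif info.filename.lower().endswith(EXEC_EXTS):
                findings.append((path, "executable extension"))
            elif body[:4] == b"PK\x03\x04":  # nested Zip: drill down
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nesting limit reached"))
                else:
                    findings.extend(find_executables(body, depth + 1, path + "!"))
    return findings

def _make_zip(members):
    # Helper that builds an in-memory Zip for the constructed sample below.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def demo():
    inner = _make_zip({"xkqjw.exe": b"MZ" + b"\x00" * 62})  # constructed stub
    outer = _make_zip({"readme.txt": b"hello", "docs.zip": inner, "photo.jpg": b"MZ\x90\x00"})
    return find_executables(outer)
```

Calling `demo()` scans a constructed attachment in which the executable sits one Zip level down and a second member hides an executable header behind a `.jpg` name; members the scanner cannot inspect (encrypted, oversized, or nested too deeply) are reported rather than silently passed.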

