Password-protected Zip files can now be scanned. Security firms have started updating their products with more sophisticated techniques aimed at getting inside the encrypted attachments in which the Bagle worm has spread. Recent versions of the Bagle worm have bypassed corporate gateway security because they are distributed in password-protected Zip files, which are next to impossible for antivirus programs to scan. Emails infected with the Bagle worm, however, contain the password required for opening the Zip file. On Wednesday, antivirus vendors BitDefender and Kaspersky Labs both launched updates enabling their software to open any encrypted attachments using the password contained in the email text. Once the file is decrypted, it is treated as an executable file and scanned normally. Eugene Kaspersky, head of antivirus research at Kaspersky Labs, said: “This new technology protects users from a new generation of worms, specifically worms that hide in password-protected Zip files. Five worms using this technique appeared within only four days – a new trend has been set in the computer underground,” he said. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.