Security news15 March 2004
Sophos silences Bagle worm's RAR. Sophos protects against Bagle in password-encrypted RAR files
Sophos customers are protected against the latest slew of Bagle worms, even when they are spread inside password-encrypted RAR archive files.
Updates issued over the weekend give Sophos MailMonitor, Sophos PureMessage and other third-party email gateway products which use the Sophos virus detection engine, the capability to detect the W32/Bagle-N and W32/Bagle-O worms, even though they can be transmitted inside a variably password-encrypted RAR archive file. Sophos detects the encrypted files as W32/Bagle-Zip, and can also detect the worms if they are carried by an encrypted Zip file.
"Sophos Anti-Virus is at the forefront of technology when it comes to protecting businesses from viruses - this update means the virus can be stopped even earlier at the gateway despite the malicious code being hidden inside an encrypted RAR or Zip file," said Graham Cluley, senior technology consultant for Sophos. "This development is a real benefit to corporate customers defending against the latest virus outbreaks."
Sophos Enterprise Manager and PureMessage users automatically received this protection at their next scheduled update. Sophos products were updated on 4 March to protect against earlier versions of Bagle which transmitted themselves via password-encrypted Zip files.
