Security news
Security news5 March 2004
Sophos protects against Bagle worm inside password-encrypted Zip files
 |
| Sophos customers are protected against the Bagle worms, even when they are in password encrypted Zip files. |
Last updated: 15 March
Anti-virus experts at Sophos have added the ability to detect password-protected versions of the Bagle worm at the email gateway.
An update issued initially on 4 March gives Sophos MailMonitor, Sophos PureMessage and other third-party email gateway products which use the Sophos virus detection engine, the capability to detect the W32/Bagle-F, W32/Bagle-G, W32/Bagle-H, W32/Bagle-I, W32/Bagle-J, W32/Bagle-K, W32/Bagle-N and W32/Bagle-O worms, even though they can be transmitted inside a variably password-encrypted Zip file. Sophos detects the encrypted Zip files as W32/Bagle-Zip.
"Sophos Anti-Virus at the desktop could already protect our millions of customers around the world from infection by Bagle, but this update means the virus can be stopped even earlier at the gateway despite the malicious code being hidden inside an encrypted Zip file," said Graham Cluley, senior technology consultant for Sophos. "This development is a real benefit to corporate customers defending against the latest virus outbreaks."
Sophos Enterprise Manager and PureMessage users automatically received this protection at their next scheduled update.
Prior to this update, Sophos PureMessage and MailMonitor users were able to prevent the password-protected variants of the Bagle worm from entering their organisation by quarantining encrypted ZIP files at the email gateway.
