Latest Bagle worm has rootkit features

March 29, eWeek — Latest Bagle worm has rootkit features. Malicious hackers have fitted rootkit features into the newest mutants of the Bagle worm, adding a stealthy new danger to an already virulent threat. According to virus hunters at F-Secure, of Helsinki, Finland, the latest Bagle.GE variant loads a kernel-mode driver to hide the processes and registry keys of itself and other Bagle-related malware from security scanners. The use of offensive rootkits in existing virus threats signals an aggressive push by attackers to get around existing anti-virus software and maintain a persistent and undetectable presence on infected machines. The Bagle threat started as a simple e-mail executable in 2004 but has grown and evolved over the years to become one of the most active threats against PC users. Security researchers estimate that the numerous Bagle variants have infected more computers than any other virus group.
Source: http://www.eweek.com/article2/0,1895,1944133,00.asp

Bagle, worm, rootkit, Infosec
