Bagle Worm Celebrates Its 3rd Birthday
March 7th, 2007
Bagle Worm Celebrates Its 3rd Birthday by Continuing to Bypass Anti-Virus Engines
Commtouch Reports How Email-Borne Malware Evades Detection
The veteran email-borne malware, known as Bagle or Beagle, continues to defeat most anti-virus solutions with its cleverly-devised distribution method. Of late, the email worm uses key offensive strategies to maximize propagation and slip under the radar of traditional AV defenses, according to a report released today by Commtouch (Nasdaq:CTCH).
The document, Malware Outbreak Trend Report: Bagle/Beagle, details the recent activity of one of the longest-running email-borne malware families and the secrets of its continued success:
1. High Distribution Intensity: Bagle-Worm attacks repeatedly in intense, high-volume waves, releasing thousands of infected email messages per day to ensure a wide distribution of the malware across the Internet.
2. Vast Variant Quantity: Bagle distributes a vast number of malware variants; over 30,000 distinct variants were detected during the several weeks of the report period. Since each variant or group of variants requires a different signature, it is impossible for anti-virus engines to keep up with this rapid-fire pace.
3. Low Variant Volume: Each variant is distributed in very small quantities or instances. Since an AV vendor must be aware of a malware sample in order to analyze it in its laboratory, distribution in low numbers often enables the malware to “fly below the radar” of the traditional anti-virus engines.
“The recent burst of 30,000 new distinct variants shows that Bagle has adopted the server-side polymorphic form and is sending intense waves of variants,” notes Haggai Carmon, Commtouch Vice President of Products. “Most email malware, including Bagle, has adopted the server-side polymorphic distribution technique due to its ability to penetrate traditional AV solutions by exploiting their signature time lag.”
Commtouch Zero-Hour™ Virus Outbreak Protection detects and blocks email-borne malware outbreaks, like the Bagle-Worm, within moments of their appearance on the Internet. Leading messaging and AV vendors license Commtouch technology to complement traditional AV technologies.
The Malware Outbreak Trends Report: Bagle/Beagle is available from the Commtouch Virus Outbreak Detection Lab at: http://www.commtouch.com/documents/Bagle-Worm_MOTR.pdf.
About Commtouch
Commtouch Software Ltd. (Nasdaq:CTCH) is dedicated to protecting and preserving the integrity of the world’s most important communications tool — email. Commtouch has over 16 years of experience developing messaging software and is a global developer and provider of proprietary anti-spam, Zero-Hour virus protection and Reputation Service solutions. Using core technologies including RPD (Recurrent Pattern Detection™), the Commtouch Detection Center analyzes billions of email messages per month to identify new spam and malware outbreaks within minutes of their introduction into the Internet. Integrated by more than 50 OEM partners, Commtouch technology protects thousands of organizations, with over 60 million users in over 100 countries. Commtouch is headquartered in Netanya, Israel, and has a subsidiary in Sunnyvale, CA. For more information, see: www.commtouch.com, including the Commtouch online lab detailing spam statistics and charts.
Recurrent Pattern Detection, RPD and Zero-Hour are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.
Contacts
Commtouch Software Ltd.
Rebecca Steinberg Herson, 650-864-2112
Int’l: +972-9-863-6877
rebeccah {at} commtouch(.)com
