ESET's NOD32 Detects Two New Rapidly Spreading Bagle Worms; Traditional antivirus signature updates can not keep up with rapidly spreading Trojan

Business Wire, Feb 6, 2006

SAN DIEGO, Calif. -- ESET, a global security software company providing next-generation malware protection, today warned customers of two new Bagle virus variants proliferating via the Internet that can cause significant computer damage. ESET noted a Bagle variant, Win32/Bagle.FA, on February 3, and it spread rapidly yesterday during the Superbowl football game, along with a slightly older variant, Win32/Bagle.EZ. ESET Threat Labs have determined that the variants disable antivirus programs and modify the system's hosts file so they cannot be updated.

The new Bagles are "Trojan downloaders," which install malicious files from an Internet location to create a backdoor into a machine, surpassing other computer defenses. Once the backdoor is installed, user systems are left unprotected to new viruses, since virus signatures are not updated properly.

To identify suspect emails, IT administrators should look for emails
where either the subject line and body lines may contain the text:
Price
February price,

and the attachments may be .zip files with any of the following names
price
pricelst
pricelist
price_lst
new_price
February_price
21_price.

"Hot on the heels of the recent VB.NEI (Kama Sutra / Blackmal) worm, ESET's Virus Radar system was detecting over 60,000 messages per hour carrying these new Bagle variants, with Win32/Bagle.FA hitting the number one spot," said Andrew Lee, chief technology officer of ESET. "When worms spread this rapidly it greatly increases the risk that the customer won't get updates before they are infected, and there's no time for the big media warning campaigns which help people become aware of these threats before they break. ESET's customers were protected from these worms in real-time, again demonstrating the power of our ThreatSense technology."

As well as offering a free remover for any systems infected by these worms ESET offers a free 30-day trial of its proactive antivirus software, NOD32, which can be downloaded from the website at www.eset.com/download/. The remover can be downloaded at www.eset.com.

ESET's Virus Radar (www.virusradar.com), a real-time malware tracking tool, identified the new Bagle variants using its flagship NOD32 Anti-Virus System. Virus Radar provides site visitors with easy access to in-depth analysis of the latest malicious outbreaks and processes approximately four million email messages per day to provide information such as the exact date a virus was first detected and its current detection rate. Virus Radar is also capable of tracking the progression of a single virus over a given period--in some instances from the earliest heuristic detection of a new virus to the point where the virus disappears.

About ESET

Founded in 1992, ESET is a global provider of security software for enterprises and consumers. ESET's award-winning NOD32 antivirus, provides real-time protection from known and unknown viruses, spyware and other malware. NOD32 offers the smallest, fastest and most advanced protection available, with more Virus Bulletin 100% Awards than any other antivirus product (www.virusbulletin.com). ESET was named to Deloitte's Technology Fast 500 four years running, and has an extensive partner network, including corporations like Canon, Dell and Microsoft. ESET has offices in Bratislava, SK; San Diego, USA; Prague, CZ; Buenos Aires, AR; and is represented worldwide in more than 80 countries. For more information, visit www.eset.com or call 619-319-3000