The Bagle worm continues to plague the Internet over three years after it first appeared, with many anti-virus engines unable to keep up, a security vendor has claimed.
In an analysis of the phenomenon released this week, Commtouch Software said its virus outbreak detection research labs (VRDL) were still finding an average of 625 new variants of the mass-mailing worm per day, and up to 1,000 on peak days. The total number of new variants, defined as samples with differing MD5 checksums, so that any byte-level change to a sample counts as a new variant, stood at over 30,000 since the beginning of 2007 alone.
According to the company, the sheer volume of new variants means that traditional signature-based anti-virus and heuristic scanners are unable to cope with the flood. Matters are made worse by Bagle (or ‘Bagel’, as it is sometimes named) using “stealth outbreaks”: a new variant is seeded in small numbers, so that it spreads during the window between first release and the moment a vendor obtains a sample and ships detection for it.
Commtouch offers no evidence that rival security products cannot detect the large number of variants. A count based on MD5 checksums says nothing about how different the variants really are: samples produced by repacking or minimally altering the same code will share invariant features (code sections, strings, behaviour) that signature and heuristic engines can key on, even when every file has a unique hash.
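The following is an added illustration of that point, written for this page and not taken from Commtouch or the article. It constructs synthetic samples from a hypothetical invariant "core" wrapped in random junk (standing in for repacking or padding), shows that every sample gets a distinct MD5, and then shows that a signature on the invariant region, or a hash computed over that region alone, treats them all as one family. The constants CORE and CORE_SIG and the sample layout are assumptions made for the example; they do not describe Bagle's real structure.

```python
import hashlib
import random
from typing import List, Optional

# Constructed data: a fixed block stands in for the code that every variant
# shares; random header and trailer bytes stand in for per-sample repacking.
# Both are hypothetical and bear no relation to the real worm's layout.
CORE = b"HYPOTHETICAL_CORE_CODE:" + bytes(range(64))
CORE_SIG = CORE[:24]  # hypothetical signature: a slice of the invariant block


def make_variant(rng: random.Random) -> bytes:
    """Build one constructed sample: random header + invariant core + random trailer."""
    header = bytes(rng.getrandbits(8) for _ in range(rng.randint(16, 64)))
    trailer = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 128)))
    return header + CORE + trailer


def make_variants(n: int, seed: int = 1) -> List[bytes]:
    """Produce n constructed samples deterministically from a seed."""
    rng = random.Random(seed)
    return [make_variant(rng) for _ in range(n)]


def md5_hex(sample: bytes) -> str:
    return hashlib.md5(sample).hexdigest()


def count_distinct_md5(samples: List[bytes]) -> int:
    """Variant count the way the article defines it: one per distinct MD5."""
    return len({md5_hex(s) for s in samples})


def core_hash(sample: bytes) -> Optional[str]:
    """Hash only the invariant region, located via the signature; None if absent.

    This ignores the variable bytes around the core, so repacked copies of the
    same code collapse to a single value.
    """
    idx = sample.find(CORE_SIG)
    if idx < 0:
        return None
    return hashlib.sha256(sample[idx:idx + len(CORE)]).hexdigest()


def count_distinct_core_hashes(samples: List[bytes]) -> int:
    """Family count: number of distinct invariant-region hashes among samples."""
    hashes = {core_hash(s) for s in samples}
    hashes.discard(None)
    return len(hashes)


def signature_hits(samples: List[bytes]) -> int:
    """How many samples a plain byte signature on the invariant region catches."""
    return sum(1 for s in samples if CORE_SIG in s)


if __name__ == "__main__":
    variants = make_variants(50)
    print("samples:              ", len(variants))
    print("distinct MD5s:        ", count_distinct_md5(variants))
    print("signature hits:       ", signature_hits(variants))
    print("distinct core hashes: ", count_distinct_core_hashes(variants))
    print("benign file core hash:", core_hash(b"plain text, no core"))
```

Run stand-alone, the script reports fifty samples, fifty distinct MD5s, fifty signature hits and one distinct core hash, which is the gap between "new variant by checksum" and "new family" that the article's numbers do not distinguish. The same idea is what fuzzy hashes and section-level hashes do in practice, and it also shows the limit of the approach: a variant that mutates the bytes under the signature itself, rather than the packaging around them, evades both checks until a new signature is written.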
The ultimate purpose of the vast Bagle family is, as ever, the distribution of spam: infected machines are used as relays, which goes a long way to explaining why its operators keep it alive. Measured by longevity and volume of variants, it could be among the most successful pieces of malware in computing history.