Appearance of multiple variants of the Bagle worm with rootkit

Over the last few days, PandaLabs has detected the appearance of the new variants HX, HY and HZ of the Bagle worm. The main innovation in these variants compared to their predecessors is that they incorporate rootkit functions. Rootkits are programs designed to hide objects, such as processes, files or Windows Registry entries. By doing this, they can hide both their presence on the system and the actions they carry out. The new variants of Bagle also try to disable a large number of services belonging to security tools, such as antivirus and firewall programs, among others.

What’s more, they also try to download files from different Internet addresses. These files can have all types of content, including other malware specimens.

“Generating and selling rootkits has become a real business model. Due to their capacity to slip past traditional security solutions and their versatility to hide on the system and carry out all types of malicious actions, rootkits have become an excellent tool for cyber-criminals, which can earn them juicy profits,” explains Luis Corrons, director of PandaLabs. “For this reason, it is highly probable that rootkits will become one of the main threats on the Internet. With this in mind, Panda Software is incorporating effective technology specially designed to combat rootkits in our security solutions,” adds Corrons.
