Bugbear virus spreading rapidly

posted by abennett
Be the first to comment | I like it!
More »
on this topic
October 2, 2002, 03:53 PM —  ITworld.com — 

The Bugbear virus is rapidly spreading around the world, according to alerts issued by antivirus companies and computer security experts. The virus first appeared Monday and has since spread rapidly.

The virus is sent as an e-mail attachment with a variety of subject lines including "bad news," "Membership Confirmation," "Market Update Report," and "Your Gift." Code in the virus generates random attachment names and subject lines to avoid easy detection by antivirus software and assigns multiple file extensions to the virus to disguise the fact that it is an executable file, according to Vincent Gullotto, vice president of the McAfee AVERT (Anti-Virus Emergency Response Team) at Network Associates Inc.

Once activated, the virus shuts down vital processes used by antivirus and firewall software, records user keystrokes to capture passwords, sends copies of itself as e-mail attachments, and copies itself on to directories shared by networks that are accessible to the computers it infects.

The virus appears to be able to randomly forward copies of itself as attachments to old e-mail messages on the computers it infects to randomly selected third parties, according to a statement released by F-Secure Corp. of Helsinki. In addition to propagating the virus, this feature discloses otherwise personal e-mail correspondence to third parties.

As it attempts to access shared directories on computer networks, the virus may also send copies of itself to shared network printers, which will begin printing the binary code of the virus executable, according to F-Secure.

Finally, Bugbear opens a backdoor to the machines that it infects. Using a Web browser, the virus author or malicious hackers can access a Web interface created by the virus, browse local files on an infected machine and execute programs on that machine, according to F-Secure.

While initial reports indicated that Bugbear's code might have contained flaws that prevented it from being able to mail itself out to new recipients, the rapid spread of the virus over the past two days seems to be proof that the virus is more than capable of reproducing itself.

Symantec Corp. announced Wednesday that it was upgrading Bugbear to a level four virus on a scale of one to five, with five being the most serious. Symantec pointed to a rapid increase in reports of the virus from customers, from 157 submissions on Tuesday to more than 2,000 by Wednesday morning.

In its statement, F-Secure indicated that incidents of the Bugbear infection had surpassed incidents of infection by the Klez virus, which had been the most widely circulated virus of 2002.

Reports of new infections are higher in Europe and Asia than in the U.S., according to Chris Wraight, technology consultant at antivirus software maker Sophos PLC. Bugbear is a far less formidable threat than predecessors like Klez, Wraight said.

"We're still looking at infections in the thousands. At this point with (the Klez virus) we were talking about millions of infections," Wraight said.

Leading antivirus software vendors have posted updated virus definitions covering the Bugbear worm. Antivirus software vendors are encouraging customers whose computers have not yet been infected to update their antivirus software.

Customers whose computers have been infected need to remove all files related to the virus from their machines and are encouraged to update any passwords that might have been exposed to the virus, according to F-Secure.

ITworld.com

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
Free books

Essential JavaFX
Get started building rich Web apps quickly with an introduction to the power of JavaFX key features -- scene node graphs, nodes as components, the coordinate system, layout options, colors and gradients, custom classes with inheritance, animation, binding, and event handlers.Enter now!

The Nomadic Developer
Consulting can be hugely rewarding, but it's easy to fail if you are unprepared. To succeed, you need a mentor who knows the lay of the land. Aaron Erickson is your mentor, and this is your guidebook. Enter now!

Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
Marketplace