Bugbear virus threat on the rise
Published: 02 Oct 2002 08:02 BST
A new email virus gained a greater foothold in unpatched Windows PCs on Tuesday, spurring antivirus companies to upgrade their estimate of the virus' danger.
Known as W32.Bugbear or I-Worm.Tanatos, the mass-mailing computer virus started infecting computers via email on Sunday. On Tuesday, it accounted for nearly 11,000 infected email messages intercepted by email service provider MessageLabs' gateway servers. That placed it second to Klez.h, which accounted for about 14,000 email messages.
"It is so hard to stay up with all the patches," said John Harrington, US marketing director for MessageLabs. Harrington said most home users don't even realise they're missing a needed security fix.
The Bugbear virus infects computers running the Windows operating system and an unpatched version of Internet Explorer 5.5, according to an advisory posted by security company Symantec. A flaw in MIME (the multipurpose Internet mail extensions) lets a malicious program attached to an email message execute when the text of the message appears in Outlook. The software problem was patched by Microsoft almost 18 months ago, but some users apparently have not updated their computers.
Once running, Bugbear searches a PC for email addresses and uses its own email engine to send off infected messages to each address listed. In addition, it uses random email addresses in the "from" field of the header to camouflage where the infected message is coming from.
The virus also attempts to shut down a host of security programs and antivirus measures, including many personal firewall programs and most popular antivirus scanning engines.
Lastly, Bugbear sends off an encrypted file with information about the computer to a predefined email address and opens a backdoor for network attackers to use to sneak into the system.
Symantec upgraded the threat rating of the virus to a "3" on Tuesday from a "2" on Monday, with the most severe rating being a "5". The rating measures various factors including the destructiveness of a virus and how fast and how far the virus has spread.
To prevent infection, Windows users should download the Microsoft patch, update their antivirus software and refrain from opening an attachment unless the sender confirms he or she sent it.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
40 out of 63 people found this useful
- Share this article:
