Mutant Bugbear worm targets bank security
Published: 11 Jun 2003 15:38 BST
Security experts have uncovered a sinister new function in fast-spreading email virus Win32.Bugbear.B which suggests the worm harvests passwords used by bank employees.
"We have discovered a previously unknown functionality within the 32Bugbear.B worm and are strongly advising financial institutions worldwide that they may be at greater risk of exposure," antivirus software firm Symantec said in a recent statement.
The company said that this new discovery specifically affects employees of financial institutions. When the worm finds names of banks in a victim's mailbox, it tries to send sensitive data such as cached passwords and keystrokes to one of 10 email addresses included in its code.
The Win32.Bugbear.B belongs a new, worrying class of email worm that not only attempts to clog networks through malicious replication, but also attempts more serious forms of criminal activity.
According to a report from the Associated Press, the US government has issued a similar warning and the FBI is currently looking to what security experts believe to be the first Internet attack aimed at a specific economic sector.
Symantec said that the code of the new Bugbear worm contains a list of about 1,200 Web addresses for many of the world's largest financial institutions in its code. These include JP Morgan, American Express and Citibank.
If the worm determines that the default email address for the local domain belongs to a banking company, it will send cached dial-up networking passwords to the virus author, as well as other passwords and key-logging data, according to Symantec.
No major bank has yet to report a security breach as a result of the worm.
Soon after it surfaced last Wednesday, security software firms have upgraded the Win32.Bugbear.B virus from a medium level threat to high due to the rapid rate of infection. To date, Symantec said it has received 8,932 reports, with 245 of them being corporate customers.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
29 out of 61 people found this useful
- Share this article:
