Advertisement
Promo

Application development Toolkit

Mutant Bugbear worm targets bank security

CNET Asia CNet Asia

Published: 11 Jun 2003 15:38 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Security experts have uncovered a sinister new function in fast-spreading email virus Win32.Bugbear.B which suggests the worm harvests passwords used by bank employees.

"We have discovered a previously unknown functionality within the 32Bugbear.B worm and are strongly advising financial institutions worldwide that they may be at greater risk of exposure," antivirus software firm Symantec said in a recent statement.

The company said that this new discovery specifically affects employees of financial institutions. When the worm finds names of banks in a victim's mailbox, it tries to send sensitive data such as cached passwords and keystrokes to one of 10 email addresses included in its code.

The Win32.Bugbear.B belongs a new, worrying class of email worm that not only attempts to clog networks through malicious replication, but also attempts more serious forms of criminal activity.

According to a report from the Associated Press, the US government has issued a similar warning and the FBI is currently looking to what security experts believe to be the first Internet attack aimed at a specific economic sector.

Symantec said that the code of the new Bugbear worm contains a list of about 1,200 Web addresses for many of the world's largest financial institutions in its code. These include JP Morgan, American Express and Citibank.

If the worm determines that the default email address for the local domain belongs to a banking company, it will send cached dial-up networking passwords to the virus author, as well as other passwords and key-logging data, according to Symantec.

No major bank has yet to report a security breach as a result of the worm.

Soon after it surfaced last Wednesday, security software firms have upgraded the Win32.Bugbear.B virus from a medium level threat to high due to the rapid rate of infection. To date, Symantec said it has received 8,932 reports, with 245 of them being corporate customers.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
29 out of 61 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Application development


Company/Topic Alerts

Create a new alert from the list below:








Video icon

Video

Discussions

Rupert Goodwins Rupert Goodwins

Google announces Public DNS

Friday 4 December 2009, 11:30 AM

4 comments
BitSmith BitSmith

Google announces Public DNS

Friday 4 December 2009, 10:29 AM

4 comments
hkommedal hkommedal

The bill's Clause 17. .

Friday 4 December 2009, 4:30 AM

3 comments
CA CA

HP workers set dates for strikes

Friday 4 December 2009, 4:17 AM

1 comment

View All

Featured Talkback

In association with Network Liberation Movement
The fact is: Software developers today are really designers and not coders. The reason that business anlaysts exist today to model solutions is because they understand the value of designing software before writing it. All too often developers create code that has little value because they do not understand that business classes interact with other classes within the confines of a working model or pattern.

By: 1000165269

Read full story:
Making sense of agile modelling


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters